CVE-2022-3371

🗓️ 30 Sep 2022 13:15:12Reported by @huntrdevType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 65 Views

Allocation of Resources Without Limits in GitHub repository ikus060/rdiffweb prior to 2.5.0a3

Reporter	Title	Published	Views	Family All 16
Huntr	No limit in length of "Token name" parameter results in DOS attack /memory corruption	29 Sep 202219:45	–	huntr
Circl	CVE-2022-3371	30 Sep 202218:36	–	circl
CNNVD	Rdiffweb 安全漏洞	30 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-3371 No limit in length of "Token name" parameter results in DOS attack /memory corruption in ikus060/rdiffweb prior to 2.5.0a3 in ikus060/rdiffweb	30 Sep 202213:15	–	cvelist
EUVD	EUVD-2022-0247	3 Oct 202520:07	–	euvd
Github Security Blog	rdiffweb's lack of token name length limit can result in DoS or memory corruption	1 Oct 202200:00	–	github
NVD	CVE-2022-3371	30 Sep 202214:15	–	nvd
OSV	CVE-2022-3371 No limit in length of "Token name" parameter results in DOS attack /memory corruption in ikus060/rdiffweb prior to 2.5.0a3 in ikus060/rdiffweb	30 Sep 202213:15	–	osv
OSV	GHSA-3FHQ-72HW-JQWV rdiffweb's lack of token name length limit can result in DoS or memory corruption	1 Oct 202200:00	–	osv
OSV	PYSEC-2022-299	30 Sep 202214:15	–	osv

NVD

Node

ikus-soft rdiffwebRange≤2.4.9

ikus-soft rdiffwebMatch2.5.0alpha1

ikus-soft rdiffwebMatch2.5.0alpha2

[
  {
    "product": "ikus060/rdiffweb",
    "vendor": "ikus060",
    "versions": [
      {
        "lessThan": "2.5.0a3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]