Lucene search

[email protected]CVE-2023-30188

HistoryAug 14, 2023 - 1:15 p.m.

CVE-2023-30188

2023-08-1413:15:10

CWE-835

[email protected]

web.nvd.nist.gov

cve-2023-30188

memory exhaustion

onlyoffice document server

denial of service

javascript file

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.6%

JSON

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.

CPENameOperatorVersion
onlyoffice:document_serveronlyoffice document serverle7.3.2
onlyoffice:document_serveronlyoffice document servereq6.0.1
onlyoffice:document_serveronlyoffice document servereq6.0.2
onlyoffice:document_serveronlyoffice document servereq4.2.0
onlyoffice:document_serveronlyoffice document servereq4.2.4
onlyoffice:document_serveronlyoffice document servereq4.2.7
onlyoffice:document_serveronlyoffice document servereq4.3.3
onlyoffice:document_serveronlyoffice document servereq5.6.4
onlyoffice:document_serveronlyoffice document servereq6.2.0
onlyoffice:document_serveronlyoffice document servereq5.6.5

CPE	Name	Operator	Version
onlyoffice:document_server	onlyoffice document server	le	7.3.2
onlyoffice:document_server	onlyoffice document server	eq	6.0.1
onlyoffice:document_server	onlyoffice document server	eq	6.0.2
onlyoffice:document_server	onlyoffice document server	eq	4.2.0
onlyoffice:document_server	onlyoffice document server	eq	4.2.4
onlyoffice:document_server	onlyoffice document server	eq	4.2.7
onlyoffice:document_server	onlyoffice document server	eq	4.3.3
onlyoffice:document_server	onlyoffice document server	eq	5.6.4
onlyoffice:document_server	onlyoffice document server	eq	6.2.0
onlyoffice:document_server	onlyoffice document server	eq	5.6.5

Rows per page:

1-10 of 731

References

onlyoffice.com

gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2

github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/

github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110

github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a

github.com/ONLYOFFICE/DocumentServer

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.6%

JSON

Related for CVE-2023-30188

osv1 prion1 cvelist1