CVE-2024-2446

🗓️ 15 Mar 2024 09:11:21Reported by MattermostType

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-2446	15 Mar 202411:26	–	circl
CNNVD	Mattermost 安全漏洞	15 Mar 202400:00	–	cnnvd
CNVD	Mattermost Denial of Service Vulnerability (CNVD-2024-14305)	19 Mar 202400:00	–	cnvd
Cvelist	CVE-2024-2446	15 Mar 202409:11	–	cvelist
EUVD	EUVD-2024-27396	3 Oct 202520:07	–	euvd
NVD	CVE-2024-2446	15 Mar 202410:15	–	nvd
OSV	BIT-MATTERMOST-2024-2446	16 Dec 202407:15	–	osv
Positive Technologies	PT-2024-20408 · Mattermost · Mattermost	15 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-2446	23 May 202509:56	–	redhatcve
Veracode	Denial Of Service (DOS)	27 Mar 202406:37	–	veracode

NVD

Node

mattermost mattermost_serverRange8.1.0–8.1.10

mattermost mattermost_serverRange9.2.0–9.2.6

mattermost mattermost_serverRange9.3.0–9.3.2

mattermost mattermost_serverRange9.4.0–9.4.3

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.4.2",
        "status": "affected",
        "version": "9.4.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.3.1",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.5",
        "status": "affected",
        "version": "9.2.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.9",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.5.0"
      },
      {
        "status": "unaffected",
        "version": "9.4.3"
      },
      {
        "status": "unaffected",
        "version": "9.3.2"
      },
      {
        "status": "unaffected",
        "version": "9.2.6"
      },
      {
        "status": "unaffected",
        "version": "8.1.10"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

13 Dec 2024 16:39Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.00132

SSVC