History: Mar 15, 2024 - 9:15 a.m.

CVE-2024-24975

2024-03-15 09:15:06
CWE-400
web.nvd.nist.gov
mattermost
mobile
cve-2024-24975
uncontrolled resource consumption
security vulnerability
syntax highlighter
code block
application crash

CVSS3: 3.5 Low

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

AI Score: 6.9 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 8.8%)

Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost Mobile",
    "vendor": "Mattermost",
    "versions": [
      {
        "status": "unaffected",
        "version": "2.13.0"
      },
      {
        "lessThanOrEqual": "2.12.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
