Lucene search

[email protected]CVE-2024-3872

HistoryApr 16, 2024 - 9:15 a.m.

CVE-2024-3872

2024-04-1609:15:08

CWE-400

[email protected]

web.nvd.nist.gov

mattermost

mobile app

vulnerability

regular expression

polynomial complexity

deeplinks

remote attacker

unauthenticated

freeze

crash

maliciously crafted link

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

7.5 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.

References

mattermost.com/security-updates

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

7.5 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

Related for CVE-2024-3872

cvelist1