Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneFancycodeH1:1261225
HistoryJul 14, 2021 - 10:18 a.m.

Nextcloud: High memory usage for generating preview of broken image

2021-07-1410:18:51
fancycode
hackerone.com
33
nextcloud
denial of service
php
cpu
upload
memory allocation

EPSS

0.002

Percentile

64.5%

JSON

When the attached file is uploaded and a preview is generated (e.g. in the folder overview of the files app), the PHP process allocates a very large amount of memory (on my machine it was shortly around 5 GByte) and CPU.

Tested with latest master (1366b35081f1d92429787696f4175c19a602858a) on Ubuntu 20.04 (php7.4-fpm). Option “memory_limit” is set to 512M.

Impact

An attacker can cause a denial of service by uploading lots of such files which will cause the server to allocate too much memory / CPU.

Related

cnvd 1
prion 1
nvd 1
cve 1
openvas 1
cvelist 1
nextcloud 1
osv 1
gentoo 1
nessus 1
cnvd
cnvd
Nextcloud server denial of service vulnerability (CNVD-2022-20690)
2022-03-11 00:00:00
prion
prion
Code injection
2022-03-09 22:15:00
nvd
nvd
CVE-2022-24741
2022-03-09 22:15:09
cve
cve
CVE-2022-24741
2022-03-09 22:15:09
openvas
openvas
Nextcloud Server < 21.0.8, 22.x < 22.2.4, 23.x < 23.0.1 DoS Vulnerability (GHSA-jf3h-xf4q-mh89)
2022-03-11 00:00:00
cvelist
cvelist
CVE-2022-24741 High memory usage in Nextcloud server
2022-03-09 21:30:13
nextcloud
nextcloud
High memory usage for generating preview of broken image
2022-03-09 06:52:40
osv
osv
CVE-2022-24741
2022-03-09 22:15:09
gentoo
gentoo
Nextcloud: Multiple Vulnerabilities
2022-08-10 00:00:00
nessus
nessus
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
2022-08-16 00:00:00

EPSS

0.002

Percentile

64.5%

JSON
Related for H1:1261225
cnvd1prion1nvd1cve1openvas1cvelist1nextcloud1osv1gentoo1nessus1