HackerOne report H1:1806223 by brthnc (hackerone.com)
Dec 15, 2022 - 9:44 a.m.

Nextcloud: Reference fetch can saturate the server bandwidth for 10 seconds

Tags: nextcloud, talk, server bandwidth, denial of service, bug bounty

EPSS: 0.001 (Low), percentile 32.0%

Summary:

When posting a message on Talk, a reference is fetched for any link in the message.
There is a hardcoded mandatory 10-second timeout, but the resource is still fetched for those entire 10 seconds.

For high-bandwidth servers, this can result in disk space being temporarily filled and saturate the server bandwidth.
Tested on my 2.5 Gbps network, I was easily able to find 10 GB resources online that have higher network speed and fully saturate the network for a few seconds with a few messages.

Steps To Reproduce:

  1. Open a Talk room
  2. Post multiple messages containing a link to a high-availability resource like https://speed.hetzner.de/10GB.bin

Impact:

Can severely impact server performance and/or lead to a denial of service.
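The point underlying this report is that a wall-clock timeout bounds how long a fetch may run, not how many bytes it moves; on a fast link, 10 seconds is gigabytes. The following is an added Python illustration of that, not Nextcloud's code (which is PHP) and not the reporter's: a constructed response body that never ends, the timeout-only read pattern the summary describes, and a bounded variant that rejects on a declared Content-Length and then caps the streamed bytes regardless of what the header said. `FakeBody`, `read_timeout_only`, `read_bounded` and the 5 MiB cap are assumptions made for this example.

```python
import io
import time

# Assumed values for this illustration, not Nextcloud's configuration:
# a hard cap on bytes downloaded per link preview, the 10-second timeout
# the report describes, and the read chunk size.
MAX_REFERENCE_BYTES = 5 * 1024 * 1024   # 5 MiB
FETCH_TIMEOUT_SECONDS = 10.0
CHUNK_SIZE = 64 * 1024


class ReferenceTooLarge(Exception):
    """Raised when a linked resource exceeds the per-reference byte cap."""


class FakeBody(io.RawIOBase):
    """Constructed stand-in for an HTTP response body. With total=None it
    never ends (a multi-gigabyte file on a fast host); with a total it
    serves exactly that many zero bytes. Counts bytes served so a caller
    can see how much a given read strategy actually transferred."""

    def __init__(self, total=None):
        super().__init__()
        self.total = total
        self.served = 0

    def readable(self):
        return True

    def readinto(self, buf):
        n = len(buf)
        if self.total is not None:
            n = min(n, self.total - self.served)
        buf[:n] = b"\x00" * n
        self.served += n
        return n


def read_timeout_only(body, timeout_seconds):
    """The pattern the report describes: keep reading until the clock
    runs out, with no limit on volume. Returns the number of bytes
    consumed, which on a real link is bandwidth * timeout."""
    deadline = time.monotonic() + timeout_seconds
    consumed = 0
    while time.monotonic() < deadline:
        chunk = body.read(CHUNK_SIZE)
        if not chunk:
            break
        consumed += len(chunk)
    return consumed


def read_bounded(body, max_bytes=MAX_REFERENCE_BYTES,
                 timeout_seconds=FETCH_TIMEOUT_SECONDS, declared_length=None):
    """Hardened variant: refuse up front when Content-Length says the
    resource is too big, then stream with a byte cap so that an absent or
    lying Content-Length still cannot push the transfer past
    max_bytes + 1 bytes. The timeout stays as a second, independent limit."""
    if declared_length is not None and declared_length > max_bytes:
        raise ReferenceTooLarge(
            f"Content-Length {declared_length} exceeds cap {max_bytes}")
    deadline = time.monotonic() + timeout_seconds
    data = bytearray()
    while True:
        # Never request more than one byte past the cap: a single extra
        # byte proves the body is oversized without buffering the rest.
        want = min(CHUNK_SIZE, max_bytes + 1 - len(data))
        chunk = body.read(want)
        if not chunk:
            return bytes(data)
        data += chunk
        if len(data) > max_bytes:
            raise ReferenceTooLarge(f"body exceeded cap of {max_bytes} bytes")
        if time.monotonic() > deadline:
            raise TimeoutError("reference fetch exceeded timeout")


if __name__ == "__main__":
    # Timeout-only: shortened to 0.2 s so the demo finishes quickly; the
    # byte count is bounded only by how fast the fake body can be read.
    print("timeout-only consumed", read_timeout_only(FakeBody(), 0.2), "bytes")
    endless = FakeBody()
    try:
        read_bounded(endless, max_bytes=1024)
    except ReferenceTooLarge as exc:
        print("bounded fetch stopped:", exc, "after", endless.served, "bytes")
```

In a real fetcher, `declared_length` comes from the response's Content-Length header when present, and the body is read in streaming mode rather than loaded whole. The header check is only a fast path: servers may omit it or lie, so the streamed byte cap is the control that actually bounds disk and bandwidth use per message, and a per-user or per-room rate limit on previews is what bounds it across many messages.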
