Lucene search

GoogleOSV:CVE-2023-3614

HistoryJul 17, 2023 - 4:15 p.m.

CVE-2023-3614

2023-07-1716:15:11

Google

osv.dev

mattermost

gif

validation

vulnerability

attacker

server

resources

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

Percentile

12.7%

JSON

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.

References

mattermost.com/security-updates

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

Percentile

12.7%

JSON

Related for OSV:CVE-2023-3614