Lucene search
GoogleOSV:GHSA-HRJ7-F62F-J7X7HistorySep 27, 2022 - 12:00 a.m.
rdiffweb allows unlimited length of root directory name, which could result in DoS
2022-09-2700:00:22
Google
osv.dev
5
rdiffweb
root directory
dos
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
37.9%
rdiffweb prior to 2.4.8 has no limit in length of root directory names. Allowing users to enter long strings may result in a DOS attack or memory corruption. Version 2.4.8 defines a field limit for username, email, and root directory.
Related
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-09-26 13:15:00
veracode
veracode
Denial Of Service (DoS)
2022-09-27 05:59:25
cve
cve
CVE-2022-3295
2022-09-26 13:15:11
github
github
cnvd
cnvd
Rdiffweb Root Directory Name Denial of Service Vulnerability
2022-09-28 00:00:00
huntr
huntr
osv
osv
CVE-2022-3295
2022-09-26 13:15:11
PYSEC-2022-293
2022-09-26 13:15:00
nvd
nvd
CVE-2022-3295
2022-09-26 13:15:11
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
37.9%
Related for OSV:GHSA-HRJ7-F62F-J7X7