544 matches found
Denial Of Service (DoS)
rdiffweb is vulnerable to denial of service. The vulnerability exists in multiple functions in pageadmin.py, pagelogin.py and prefgeneral.py because the email length is not validated, which allows an attacker to crash the application via a malicious input...
GHSA-HRJ7-F62F-J7X7 rdiffweb allows unlimited length of root directory name, which could result in DoS
rdiffweb prior to 2.4.8 has no limit in length of root directory names. Allowing users to enter long strings may result in a DoS attack or memory corruption. Version 2.4.8 defines a field limit for username, email, and root directory...
GHSA-QQ29-5VJH-VXWR rdiffweb vulnerable to Improper Cleanup on Thrown Exception
rdiffweb prior to version 2.4.8 is vulnerable to Improper Cleanup on Thrown Exception. This could allow an attacker to display a message of their choice onto a web page. Version 2.4.8 contains a fix for this issue...
GHSA-5V95-J4RR-6F3C rdiffweb's unlimited username field length can lead to DoS
rdiffweb prior to 2.4.8 is vulnerable to a potential DoS attack via an unlimited length "username" field. This can result in excess memory consumption, or memory corruption, leading to a Denial of Service (DoS). This issue is patched in version 2.4.8. There are no known workarounds...
GHSA-QRJ3-HRGJ-FM7R rdiffweb's unlimited length email field can lead to DoS
rdiffweb prior to 2.4.8 does not validate email length, allowing users to insert an email longer than 255 characters. If a user signs up with an email with a length of 1 million or more characters and logs in, withdraws, or changes their email, the server may cause denial of service due to...
GHSA-XHW9-4WQQ-X67V rdiffweb vulnerable to potential DoS via memory consumption
rdiffweb prior to 2.4.8 is vulnerable to a potential DoS attack via an unlimited length "title" field when adding an SSH key. This can result in excess memory consumption, leading to a Denial of Service (DoS). This issue is patched in version 2.4.8. There are no known workarounds...
PYSEC-2022-294
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8...
CVE-2022-3298 Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8...
CVE-2022-3298
CVE-2022-3298 refers to a resource allocation vulnerability in the rdiffweb project by ikus060, where prior to version 2.4.8 an unlimited-length title field (used when adding an SSH key) can cause excessive memory usage and lead to a Denial of Service. Multiple sources corroborate the issue, with...
PYSEC-2022-43184
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...
PYSEC-2022-292
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8...