CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 25.1%

OnionShare is an open source tool that lets you securely and anonymously
share files, host websites, and chat with friends using the Tor network.
Affected versions of the desktop application were found to be vulnerable to
denial of service via an undisclosed vulnerability in Qt image parsing.
Roughly 20 bytes lead to 2 GB of memory consumption, and this can be
triggered multiple times. To be abused, this vulnerability requires
rendering in the history tab, so some user interaction is required. An
adversary with knowledge of the Onion service address in public mode, or
with authentication in private mode, can perform a denial-of-service attack
that quickly results in out-of-memory for the server. This requires the
desktop application with rendered history; therefore the impact is only
elevated. This issue has been patched in version 2.5.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | onionshare | < any | UNKNOWN |
ubuntu | 20.04 | noarch | onionshare | < any | UNKNOWN |
ubuntu | 22.04 | noarch | onionshare | < any | UNKNOWN |
ubuntu | 23.10 | noarch | onionshare | < any | UNKNOWN |
ubuntu | 24.04 | noarch | onionshare | < any | UNKNOWN |
ubuntu | 16.04 | noarch | onionshare | < any | UNKNOWN |