Lucene search

Veracode Vulnerability DatabaseVERACODE:42438

HistoryAug 06, 2023 - 8:22 p.m.

Denial Of Service (DoS)

2023-08-0620:22:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

dos

vulnerability

length validation

snippet

application crash

maliciously large snippet

library

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.5%

JSON

gitlab is vulnerable to Denial of Service (DoS). The vulnerability exists due to the lack of length validation in the Snippet descriptions of the library, which allows an attacker to cause an application crash by submitting the maliciously large snippet.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json

gitlab.com/gitlab-org/gitlab/-/issues/362566

hackerone.com/reports/1544507

security-tracker.debian.org/tracker/CVE-2022-2592

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.5%

JSON

Related for VERACODE:42438