CVE-2022-3371 – rdiffweb

Package

Manager: pip
Name: rdiffweb
Vulnerable Version: >=0 <2.5.0a3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0042 pctl0.6114

Details

rdiffweb's lack of token name length limit can result in DoS or memory corruption rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. A lack of limit in the length of the `Token name` parameter can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue.

Metadata

Created: 2022-10-01T00:00:21Z
Modified: 2024-10-25T21:39:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-3fhq-72hw-jqwv/GHSA-3fhq-72hw-jqwv.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-3fhq-72hw-jqwv
Finding: F067
Auto approve: 1