Fluid Attacks Database

Description

rdiffweb's lack of token name length limit can result in DoS or memory corruption rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.5.0a3	2.5.0a3

Aliases

1. CVE-2022-33712. NVD-2022-33713. OSV-2022-33714. GCVE-2022-3371

References

1. https://github.com/ikus060/rdiffweb/commit/b62c479ff6979563c7c23e7182942bc4f460a2c72. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-299.yaml3. https://huntr.dev/bounties/4e8f6136-50c7-4fa1-ac98-699bcb7b35ce

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.