CVE-2020-10101

Published: Mar 5, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.

Affected (1)

Products: Zammad: Zammad

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zammad Zammad	From 1.0.0 to 3.2.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (2)

https://zammad.com/news/security-advisory-zaa-2020-06

Source: cve@mitre.org

PatchVendor Advisory

https://zammad.com/news/security-advisory-zaa-2020-06

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.