CVE-2022-3273

Published: Oct 6, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

Affected (4)

Products: Ikus Soft: Rdiffweb

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ikus Soft Rdiffweb	Up to 2.4.10
Ikus Soft Rdiffweb	Version 2.5.0 alpha1
Ikus Soft Rdiffweb	Version 2.5.0 alpha2
Ikus Soft Rdiffweb	Version 2.5.0 alpha3

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.