CVE-2022-3364

Published: Sep 29, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.

Affected (3)

Products: Ikus Soft: Rdiffweb

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ikus Soft Rdiffweb	Up to 2.4.9
Ikus Soft Rdiffweb	Version 2.5.0 alpha1
Ikus Soft Rdiffweb	Version 2.5.0 alpha2

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

https://github.com/ikus060/rdiffweb/commit/b62c479ff6979563c7c23e7182942bc4f460a2c7

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/e70ad507-1424-463b-bdf1-c4a6fbe6e720

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/ikus060/rdiffweb/commit/b62c479ff6979563c7c23e7182942bc4f460a2c7

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/e70ad507-1424-463b-bdf1-c4a6fbe6e720

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.