CVE-2022-0903 — Out-of-bounds Write in Mattermost

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.5HIGHNVD

CNA5.3CISA8.8

EPSS

0.3%

top 50.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Mattermost Server

Timeline

PublishedMar 10

Latest updateMar 25

Description

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmattermost/mattermost_server6.0.0 — 6.1.3+3

▶CVEListV5mattermost/mattermost6.3 — 6.3.3+3

🔴Vulnerability Details

GHSA

GHSA-8wqp-c6pq-684g: A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6↗2022-03-11

▶

CVEList

Stack overflow in SAML login in Mattermost↗2022-03-09

▶

📋Vendor Advisories

CISA

Microsoft GDI Remote Code Execution Vulnerability↗2022-03-25

▶