CVE-2022-1337 — Uncontrolled Resource Consumption in Mattermost

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling7 documents5 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.4%

top 37.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Github.com Mattermost Mattermost-server V6 Mattermost Server

Timeline

PublishedApr 13

Latest updateAug 21

Description

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDmattermost/mattermost_server5.37.0 — 5.37.9+3

▶Gogithub.com/mattermost_mattermost-server_v6< 6.4.2

▶CVEListV5mattermost/mattermost6.4 — 6.4.2+3

🔴Vulnerability Details

OSV

Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server↗2024-08-21

▶

OSV

Resource exhaustion in Mattermost↗2022-04-14

▶

GHSA

Resource exhaustion in Mattermost↗2022-04-14

▶

CVEList

OOM DoS in Mattermost image proxy↗2022-04-13

▶

💥Exploits & PoCs

Exploit-DB

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection↗2023-05-23

▶

Exploit-DB

TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)↗2022-09-23

▶