CVE-2022-25891 — Uncontrolled Resource Consumption in Containrrr Shoutrrr PKG Util

CWE-400 — Uncontrolled Resource Consumption5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 31.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Containrrr Shoutrrr PKG Util Github.com Containrrr Shoutrrr Containrrr Shoutrrr +3 more

Timeline

PublishedJul 15

Latest updateJul 30

Description

The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5github.com/containrrr_shoutrrr_pkg_utilunspecified — 0.6.0

▶Gogithub.com/containrrr_shoutrrr< 0.6.0

▶NVDcontainrrr/shoutrrr< 0.6.0

▶msrcmsrc/cbl_mariner_2.0_arm

▶msrcmsrc/cbl_mariner_2.0_x64

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Panic on crafted messages in github.com/containrrr/shoutrrr↗2022-07-30

▶

OSV

Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages↗2022-07-16

▶

GHSA

Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages↗2022-07-16

▶

📋Vendor Advisories

Microsoft

Denial of Service (DoS)↗2022-07-12

▶