CVE-2022-2883
Published 2023-02-22
CVE-2022-2883: In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Priority P337 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS 1.01% (58.9th percentile)
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | < 2022.3.11043 | 2022.3.11043 |
| octopus | octopus_server | >= 2022.4.0 < 2022.4.8401 | 2022.4.8401 |
| octopus_deploy | octopus_server | >= 0.9 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.4.791 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.11043 | 2022.3.11043 |
| octopus_deploy | octopus_server | >= unspecified < 2022.4.8401 | 2022.4.8401 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cisa · 7.3 HIGH
VulDB
Octopus Deploy ZIP File denial of service (EUVD-2022-35115)
vuldb·2026-05-28·CVSS 7.5
CVE-2022-2883 [HIGH] Octopus Deploy ZIP File denial of service (EUVD-2022-35115)
A vulnerability was found in Octopus Deploy and classified as problematic. This issue affects some unknown processing of the component ZIP File Handler. The manipulation results in denial of service.
This vulnerability is known as CVE-2022-2883. Access to the local network is required for this attack. No exploit is available.
GHSA
GHSA-x9cj-w6h9-jcrq: In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
ghsa_unreviewed·2023-02-22
CVE-2022-2883 [HIGH] CWE-434 GHSA-x9cj-w6h9-jcrq: In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CISA
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
cisa·2022-06-08·CVSS 7.3
CVE-2010-2883 [HIGH] CWE-119 Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Vulnerability: Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Affected: Adobe Acrobat and Reader
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-2883
Remediation Due Date: 2022-06-22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-02-22