CVE-2023-22819 — Allocation of Resources Without Limits or Throttling in IBI

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-400 — Uncontrolled Resource Consumption2 documents2 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 53.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sandisk IBI Western Digital MY Cloud Home DUO Western Digital MY Cloud OS 5 +12 more

Timeline

PublishedFeb 5

Latest updateFeb 6

Description

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages15 packages

▶CVEListV5western_digital/my_cloud_home_duo< 9.5.1-104

▶NVDwesterndigital/my_cloud_home_firmware< 9.5.1-104

▶NVDwesterndigital/my_cloud_home_duo_firmware< 9.5.1-104

▶CVEListV5western_digital/my_cloud_os_5< 5.27.161

▶NVDwesterndigital/wd_cloud_firmware< 5.27.161

🔴Vulnerability Details

GHSA

GHSA-4m5c-7v8f-8p2q: An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory↗2024-02-06

▶