exploitDog

CVE-2022-35221

Опубликовано: 02 авг. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:teamplus:team\+_pro:*:*:*:*:private_cloud:android:*:*

Версия до 3.011.6.0.1 (включая)

cpe:2.3:a:teamplus:team\+_pro:*:*:*:*:private_cloud:iphone_os:*:*

Версия до 3.011.6.0.1 (включая)

EPSS

Процентиль: 59%

0.00378

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-770

CWE-770

Связанные уязвимости

GHSA-qp55-wf2p-vrj5

CVSS3: 5.4

github

больше 3 лет назад

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

EPSS

Процентиль: 59%

0.00378

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-770

CWE-770