CVE-2025-32947

Опубликовано: 15 апр. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

Ссылки

https://github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7d
Patch
https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1
Release Notes
https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:framasoft:peertube:*:*:*:*:*:*:*:*

Версия до 7.1.1 (исключая)

EPSS

Процентиль: 3%

0.00017

Низкий

7.5 High

CVSS3

Дефекты

CWE-835

Связанные уязвимости

CVE-2025-32947

CVSS3: 7.5

debian

10 месяцев назад

This vulnerability allows any attacker to cause the PeerTube server to ...

GHSA-3w69-j4hp-rvh4

CVSS3: 7.5

github

10 месяцев назад

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

EPSS

Процентиль: 3%

0.00017

Низкий

7.5 High

CVSS3

Дефекты

CWE-835