Allocation of Resources Without Limits or Throttling Affecting rdiffweb package, versions [,2.4.8)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.09% (37th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-RDIFFWEB-3033898
- published 27 Sep 2022
- disclosed 27 Sep 2022
- credit Nehalr777
Introduced: 27 Sep 2022
CVE-2022-3298 Open this link in a new tabHow to fix?
Upgrade rdiffweb
to version 2.4.8 or higher.
Overview
rdiffweb is an A web interface to rdiff-backup repositories.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient checks in user input parameters, by allowing an attacker to set a title
with long string while adding a SSH key, leading to memory corruption/possible DOS attack.