Vulnerability Description
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. The vulnerability can be exploited by sending a message of exactly 2000, 4000, or 6000 characters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Containrrr | Shoutrrr | < 0.6.0 |
References
- https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf (Patch, Third Party Advisory)
- https://github.com/containrrr/shoutrrr/issues/240 (Exploit, Issue Tracking, Patch)
- https://github.com/containrrr/shoutrrr/pull/242 (Patch, Third Party Advisory)
- https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0 (Release Notes, Third Party Advisory)
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059 (Patch, Third Party Advisory)
FAQ
What is CVE-2022-25891?
CVE-2022-25891 is a vulnerability with a CVSS score of 7.5 (HIGH). The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending ...
How severe is CVE-2022-25891?
CVE-2022-25891 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-25891?
Check the references section above for vendor advisories and patch information. Affected products include: Containrrr Shoutrrr.