CVE-2022-0904
Stack overflow in document extractor in Mattermost
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.
Un bug de desbordamiento de pila en el extractor de documentos de Mattermost Server en versiones hasta 6.3.2 incluyéndola, permite a un atacante bloquear el servidor por medio del envío de un documento de Apple Pages diseñado de forma maliciosa
*Credits:
Thanks to Juho Nurminen for contributing to this improvement under the Mattermost responsible disclosure policy.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-03-09 CVE Reserved
- 2022-03-09 CVE Published
- 2023-09-30 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://mattermost.com/security-updates | 2022-03-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | >= 5.0.0 < 5.37.8 Search vendor "Mattermost" for product "Mattermost Server" and version " >= 5.0.0 < 5.37.8" | - |
Affected
| ||||||
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | >= 6.0.0 < 6.1.3 Search vendor "Mattermost" for product "Mattermost Server" and version " >= 6.0.0 < 6.1.3" | - |
Affected
| ||||||
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | >= 6.2.0 < 6.2.3 Search vendor "Mattermost" for product "Mattermost Server" and version " >= 6.2.0 < 6.2.3" | - |
Affected
| ||||||
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | >= 6.3.0 < 6.3.3 Search vendor "Mattermost" for product "Mattermost Server" and version " >= 6.3.0 < 6.3.3" | - |
Affected
| ||||||