CVE-2022-39346
Missing length validation of user displayname in nextcloud server
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nextcloud Server is an open source personal cloud server. Affected versions of Nextcloud Server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
SSVC
- Decision: -
Timeline
- 2022-09-02 CVE Reserved
- 2022-11-25 CVE Published
- 2024-07-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-400: Uncontrolled Resource Consumption
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://github.com/nextcloud/server/pull/33052 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nextcloud | Nextcloud Enterprise Server | < 22.2.10 | - | Affected |
Nextcloud | Nextcloud Enterprise Server | >= 23.0.0 < 23.0.7 | - | Affected |
Nextcloud | Nextcloud Enterprise Server | >= 24.0.0 < 24.0.3 | - | Affected |
Nextcloud | Nextcloud Server | < 22.2.10 | - | Affected |
Nextcloud | Nextcloud Server | >= 23.0.0 < 23.0.7 | - | Affected |
Nextcloud | Nextcloud Server | >= 24.0.0 < 24.0.3 | - | Affected |
Fedoraproject | Fedora | 35 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |
Fedoraproject | Fedora | 37 | - | Affected |