Bug 2092758 (CVE-2022-29243) - CVE-2022-29243 nextcloud: unbounded app password length can lead to DoS
Summary: CVE-2022-29243 nextcloud: unbounded app password length can lead to DoS
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2022-29243
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2092759 2092760
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-06-02 07:57 UTC by TEJ RATHI
Modified: 2022-06-02 10:42 UTC (History)
2 users (show)

Fixed In Version: nextcloud 22.2.7, nextcloud 23.0.4
Doc Type: ---
Doc Text:
A flaw was found in nextcloud server where missing input size validation of new session names allows users to create app passwords with long names which are then loaded into memory on usage, resulting in impacted performance, and allowing an attacker to perform a denial of service attack.
Clone Of:
Environment:
Last Closed: 2022-06-02 10:42:54 UTC


Attachments (Terms of Use)

Description TEJ RATHI 2022-06-02 07:57:46 UTC
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available.

https://github.com/nextcloud/server/pull/31658
https://hackerone.com/reports/1153138
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7cwm-qph5-4h5w

Comment 1 TEJ RATHI 2022-06-02 07:58:10 UTC
Created nextcloud tracking bugs for this issue:

Affects: epel-all [bug 2092760]
Affects: fedora-all [bug 2092759]

Comment 2 Product Security DevOps Team 2022-06-02 10:42:52 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.


Note You need to log in before you can comment on or make changes to this bug.