Skip to content

x/vulndb: potential Go vuln in github.com/containrrr/shoutrrr: CVE-2022-25891 #380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jba opened this issue Jul 15, 2022 · 0 comments
Open

x/vulndb: potential Go vuln in github.com/containrrr/shoutrrr: CVE-2022-25891 #380

jba opened this issue Jul 15, 2022 · 0 comments
Labels
cve-year-2022

Comments

@jba
Copy link
Owner

jba commented Jul 15, 2022

CVE-2022-25891 references github.com/containrrr/shoutrrr, which may be a Go module.

Description:
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.

Links:

See doc/triage.md for instructions on how to triage this report.

module: github.com/containrrr/shoutrrr
package: github.com/containrrr/shoutrrr/pkg/util
description: |+
    The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.

cves:
  - CVE-2022-25891
credit: justinsteven
links:
    pr: https://github.com/containrrr/shoutrrr/pull/242
    commit: https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
    context:
      - https://github.com/containrrr/shoutrrr/issues/240
      - https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
      - https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cve-year-2022
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jba