Vulnerability Details : CVE-2022-25891
Potential exploit
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending messages of exactly 2000, 4000, or 6000 characters.
Vulnerability category: Denial of service
Products affected by CVE-2022-25891
- cpe:2.3:a:containrrr:shoutrrr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-25891
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~35% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-25891
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | Snyk | |
References for CVE-2022-25891
- https://github.com/containrrr/shoutrrr/issues/240
  Sending 2000, 4000 or 6000 characters to Discord panics in util.PartitionMessage (index out of range) · Issue #240 · containrrr/shoutrrr · GitHub (Exploit; Issue Tracking; Patch; Third Party Advisory)
- https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
  Release v0.6.0 · containrrr/shoutrrr · GitHub (Release Notes; Third Party Advisory)
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059
  Denial of Service (DoS) in github.com/containrrr/shoutrrr/pkg/util | CVE-2022-25891 | Snyk (Patch; Third Party Advisory)
- https://github.com/containrrr/shoutrrr/pull/242
  discord message size fixes by piksel · Pull Request #242 · containrrr/shoutrrr · GitHub (Patch; Third Party Advisory)
- https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
  fix(discord): message size fixes (#242) · containrrr/shoutrrr@6a27056 · GitHub (Patch; Third Party Advisory)