Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1620170 | Exploit Third Party Advisory |
https://mattermost.com/security-updates/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-09-23T14:13:39
Updated: 2022-09-23T14:13:39
Reserved: 2022-09-21T00:00:00
Link: CVE-2022-3257
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-23T15:15:13.857
Modified: 2022-09-26T22:23:15.227
Link: CVE-2022-3257
JSON object: View
Redhat Information
No data.