CVE-2022-35220 - OpenCVE

Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Teamplus	Team\+ Pro

Configuration 1 [-]

OR	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:android::
	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:iphone_os::

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2022-07-29T00:00:00

Updated: 2022-08-02T15:20:32

Reserved: 2022-07-05T00:00:00

Link: CVE-2022-35220

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-02T16:15:10.597

Modified: 2022-08-08T17:18:16.000

Link: CVE-2022-35220

JSON object: View

Redhat Information

No data.

CWE

CWE-770

{"containers": {"cna": {"affected": [{"platforms": ["Android"], "product": "Teamplus Pro", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["iOS"], "product": "Teamplus Pro", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "Teamplus Pro community discussion function has an \u2018allocation of resource without limits or throttling\u2019 vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client\u2019s Teamplus Pro application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-02T15:20:32", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html"}], "solutions": [{"lang": "en", "value": "Contact tech support from TEAMPLUS."}], "source": {"advisory": "TVN-202207004", "discovery": "EXTERNAL"}, "title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-1", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-07-29T07:05:00.000Z", "ID": "CVE-2022-35220", "STATE": "PUBLIC", "TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-1"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Teamplus Pro", "version": {"version_data": [{"platform": "Android", "version_affected": "<=", "version_value": "3.011.6.0.1"}, {"platform": "iOS", "version_affected": "<=", "version_value": "3.011.6.0.1"}]}}]}, "vendor_name": "TEAMPLUS TECHNOLOGY INC."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Teamplus Pro community discussion function has an \u2018allocation of resource without limits or throttling\u2019 vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client\u2019s Teamplus Pro application."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html"}]}, "solution": [{"lang": "en", "value": "Contact tech support from TEAMPLUS."}], "source": {"advisory": "TVN-202207004", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2022-35220", "datePublished": "2022-07-29T00:00:00", "dateReserved": "2022-07-05T00:00:00", "dateUpdated": "2022-08-02T15:20:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:android:*:*", "matchCriteriaId": "266BDB81-BE36-4A9D-BE19-9B96516B4E58", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:iphone_os:*:*", "matchCriteriaId": "3E7BB0AB-B190-4997-9873-4E8C5FA60DED", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Teamplus Pro community discussion function has an \u2018allocation of resource without limits or throttling\u2019 vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client\u2019s Teamplus Pro application."}, {"lang": "es", "value": "La funci\u00f3n community discussion de Teamplus Pro, presenta una vulnerabilidad de \"asignaci\u00f3n de recursos sin l\u00edmites o estrangulamiento\". Un atacante remoto con privilegio de usuario general que publique un hilo con gran contenido puede causar que el dispositivo cliente receptor asigne demasiada memoria, conllevando a una terminaci\u00f3n anormal de la aplicaci\u00f3n Teamplus Pro de este cliente"}], "id": "CVE-2022-35220", "lastModified": "2022-08-08T17:18:16.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2022-08-02T16:15:10.597", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6359-f5d1c-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}