CVE-2022-35221 - OpenCVE

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Teamplus	Team\+ Pro

Configuration 1 [-]

OR	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:android::
	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:iphone_os::

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2022-07-29T00:00:00

Updated: 2022-08-02T15:20:44

Reserved: 2022-07-05T00:00:00

Link: CVE-2022-35221

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-02T16:15:10.707

Modified: 2022-08-08T17:24:37.473

Link: CVE-2022-35221

JSON object: View

Redhat Information

No data.

CWE

CWE-770

{"containers": {"cna": {"affected": [{"platforms": ["Android"], "product": "Teamplus Pro", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["iOS"], "product": "Teamplus Pro", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-02T15:20:44", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}], "solutions": [{"lang": "en", "value": "Contact tech support from TEAMPLUS."}], "source": {"advisory": "TVN-202207005", "discovery": "EXTERNAL"}, "title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-07-29T07:05:00.000Z", "ID": "CVE-2022-35221", "STATE": "PUBLIC", "TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Teamplus Pro", "version": {"version_data": [{"platform": "Android", "version_affected": "<=", "version_value": "3.011.6.0.1"}, {"platform": "iOS", "version_affected": "<=", "version_value": "3.011.6.0.1"}]}}]}, "vendor_name": "TEAMPLUS TECHNOLOGY INC."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}]}, "solution": [{"lang": "en", "value": "Contact tech support from TEAMPLUS."}], "source": {"advisory": "TVN-202207005", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2022-35221", "datePublished": "2022-07-29T00:00:00", "dateReserved": "2022-07-05T00:00:00", "dateUpdated": "2022-08-02T15:20:44", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:android:*:*", "matchCriteriaId": "266BDB81-BE36-4A9D-BE19-9B96516B4E58", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:iphone_os:*:*", "matchCriteriaId": "3E7BB0AB-B190-4997-9873-4E8C5FA60DED", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."}, {"lang": "es", "value": "Teamplus Pro community discussion presenta una vulnerabilidad de \"asignaci\u00f3n de recursos sin l\u00edmites o estrangulamiento\" en el campo de asunto del hilo. Un atacante remoto con privilegio de usuario general que publique un tema de hilo con gran contenido puede causar que el servidor asigne demasiada memoria, conllevando a una p\u00e9rdida de contenido parcial de los mensajes y la interrupci\u00f3n del servicio parcial"}], "id": "CVE-2022-35221", "lastModified": "2022-08-08T17:24:37.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2022-08-02T16:15:10.707", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}