CVE-2022-1337 The image proxy in Mattermost 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows the server to be crashed by links to very large image files.


The issue is tracked as CVE-2019-6996 and has been assigned the id MMC-19110206. A remote attacker could leverage this vulnerability to crash a server. In order to exploit this issue, an attacker would first have to authenticate with the server. After successfully authenticating, the attacker could send a link to a very large image file. If a user were to click on this link, the server would crash because of the memory allocation issue. The crash could be exploited to cause a Denial of Service (DoS). This issue has been resolved in this release.

Overview of the vulnerability

A remote attacker could leverage this vulnerability to crash a server. In order to exploit this issue, an attacker would first have to authenticate with the server. After successfully authenticating, the attacker could send a link to a very large image file. If a user were to click on this link, the server would crash because of the memory allocation issue.

Software version information

The software version that fixes the vulnerability is 4.0.8.

Vulnerability Description

A vulnerability in VMware ESXi 5.1 and ESXi 6.0 could allow a remote attacker to crash the server due to a memory allocation issue.

Installing the Update

A remote attacker could leverage this vulnerability to crash a server. In order to exploit this issue, an attacker would first have to authenticate with the server. After successfully authenticating, the attacker could send a link to a very large image file. If a user were to click on this link, the server would crash because of the memory allocation issue. To address this issue, please apply the latest patches to systems running Microsoft Exchange Server 2010 Service Pack 3 (SP3) and Microsoft Exchange Server 2013 Service Pack 2 (SP2) version 15.0 as soon as possible.
