Bento4 v1.6.0-638 was discovered to contain a memory exhaustion issue.

Bento4 v1.6.0-637 was discovered to be vulnerable to a stack overflow due to improper validation of user-supplied input in the handling of file uploads.

Bento4 v1.6.0-635 was discovered to be vulnerable to a stack overflow due to improper validation of user-supplied input in the handling of remote file uploads.

Bento4 v1.6.0-634 was discovered to be vulnerable to a memory leak.

Bento4 v1.6.0-633 was discovered to be vulnerable to a crafted file upload.

Bento4 v1.6.0-632 was discovered to be vulnerable to a denial of service due to excessive memory consumption.

Bento4 v1.6.0-631 was discovered to be vulnerable to a denial of service due to excessive memory consumption.

Bento4 v1.6.0-630 was discovered to be vulnerable to a denial of service due to excessive memory consumption.

Bento4 v1.6.0-629 was discovered to be vulnerable to a denial of service due to excessive memory consumption.

Bento4 v1.6

Overview

Bento4 is a lightweight, open source and cross-platform application that helps you organize and manage the contents of your digital life. It's a powerful tool for personal productivity, collaboration, and communication with others - especially in the world of work.

Summary of the security issues
Bento4 v1.6 was discovered to be vulnerable to a stack overflow due to improper validation of user-supplied input, a denial of service due to excessive memory consumption, and information disclosure in the handling of file uploads.

Security Weakness - Denial of Service (DoS) CVE-2022-41430

This issue could potentially result in denial of service via application crash, or potentially remote code execution.

What is Bento4?

Bento4 is a web application built with React and Redux to help you create a responsive web app. It provides drag-and-drop features, multiple user roles, file uploads, and more.

The application has been tested thoroughly against many different types of injections, including common SQLi/XMLi injections, as well as remote file uploads. Injection tests are done using the OWASP ZAP framework.

Installation and Configuration

The following steps will guide you through the installation and configuration of Bento4.

Timeline

Published on: 10/03/2022 14:15:00 UTC
Last modified on: 10/03/2022 18:32:00 UTC

References