Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.
History

Sat, 07 Dec 2024 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2022-09-09T14:39:51

Updated: 2024-12-06T23:08:00.683Z

Reserved: 2022-09-07T00:00:00

Link: CVE-2022-3147

cve-icon Vulnrichment

Updated: 2024-08-03T01:00:10.674Z

cve-icon NVD

Status : Modified

Published: 2022-09-09T15:15:15.010

Modified: 2024-11-21T07:18:55.493

Link: CVE-2022-3147

cve-icon Redhat

No data.