Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.
History

Fri, 13 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost
Mattermost mattermost Server
Weaknesses CWE-770
CPEs cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:9.3.0:*:*:*:*:*:*:*
Vendors & Products Mattermost
Mattermost mattermost Server

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-02-29T10:42:41.576Z

Updated: 2024-08-16T20:58:25.047Z

Reserved: 2024-02-27T19:37:27.574Z

Link: CVE-2024-1953

Vulnrichment

Updated: 2024-08-01T18:56:22.642Z

NVD

Status: Analyzed

Published: 2024-02-29T11:15:08.413

Modified: 2024-12-13T17:09:21.973

Link: CVE-2024-1953

Redhat

No data.