Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Fri, 13 Dec 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
Weaknesses | CWE-770 | |
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost
Mattermost mattermost Server |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-03-15T09:11:21.446Z
Updated: 2024-08-01T19:11:53.477Z
Reserved: 2024-03-14T12:09:07.848Z
Link: CVE-2024-2446
Vulnrichment
Updated: 2024-08-01T19:11:53.477Z
NVD
Status : Analyzed
Published: 2024-03-15T10:15:08.230
Modified: 2024-12-13T16:39:51.233
Link: CVE-2024-2446
Redhat
No data.