Skip to main content

Rdiffweb CVE-2022-3273

CRITICAL
Allocation of Resources Without Limits or Throttling (CWE-770)
2022-10-06 security@huntr.dev
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 06, 2022 - 18:16 nvd
CRITICAL 9.8

DescriptionNVD

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

AnalysisAI

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Affected products include: Ikus-Soft Rdiffweb. Version information: prior to 2.5.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.

CVE-2022-4724 CRITICAL POC
9.8 Dec 27

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this v

CVE-2022-4719 CRITICAL POC
9.8 Dec 27

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this vul

CVE-2022-4314 CRITICAL POC
9.8 Dec 12

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. Rated critical severity (CVSS 9.8),

CVE-2022-3362 CRITICAL POC
9.8 Nov 14

Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. Rated critical severity (CVSS 9.8)

CVE-2022-3269 CRITICAL POC
9.8 Sep 23

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2023-5289 HIGH POC
8.8 Sep 29

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. Rated high se

CVE-2022-3221 HIGH POC
8.8 Sep 15

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. Rated high severity (CVSS 8.8),

CVE-2022-3179 HIGH POC
8.8 Sep 13

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. Rated high severity (CVSS 8.8), this vu

CVE-2022-3167 HIGH POC
8.8 Sep 08

Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. Rated high se

CVE-2022-3389 HIGH POC
7.5 Oct 06

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. Rated high severity (CVSS 7.5), this vulnerability

CVE-2022-3371 HIGH POC
7.5 Sep 30

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. Rated high

CVE-2022-3364 HIGH POC
7.5 Sep 29

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. Rated high

Share

CVE-2022-3273 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy