CVE-2022-3272: rdiffweb's unlimited length email field can lead to DoS

September 27, 2022 (updated September 30, 2022)

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

References

github.com/advisories/GHSA-qrj3-hrgj-fm7r
github.com/ikus060/rdiffweb/commit/667657c6fe2b336c90be37f37fb92f65df4feee3
github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-291.yaml
huntr.dev/bounties/733678b9-daa1-4d6a-875a-382fa09a6e38
nvd.nist.gov/vuln/detail/CVE-2022-3272

Detect and mitigate CVE-2022-3272 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →