rdiffweb allows unlimited length of root directory name, which could result in DoS
High severity
GitHub Reviewed
Published
Sep 27, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Sep 26, 2022
Published to the GitHub Advisory Database
Sep 27, 2022
Reviewed
Sep 30, 2022
Last updated
Jan 29, 2023
rdiffweb prior to 2.4.8 has no limit in length of root directory names. Allowing users to enter long strings may result in a DOS attack or memory corruption. Version 2.4.8 defines a field limit for username, email, and root directory.
References