Mattermost Server up to 4.10.3/5.1.1/5.2.1 Image Dimension resource consumption


A vulnerability was found in Mattermost Server up to 4.10.3/5.1.1/5.2.1. It has been declared as problematic. This vulnerability affects unknown code in the Image Dimension Handler component. Upgrading to version 4.10.4, 5.1.2 or 5.2.2 eliminates this vulnerability.

| Field | 06/19/2020 10:05 PM | 06/19/2020 10:10 PM | 10/25/2020 02:22 PM |
| --- | --- | --- | --- |
| name | Mattermost Server | Mattermost Server | Mattermost Server |
| version | <=4.10.3/5.1.1/5.2.1 | <=4.10.3/5.1.1/5.2.1 | <=4.10.3/5.1.1/5.2.1 |
| component | Image Dimension Handler | Image Dimension Handler | Image Dimension Handler |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 5.9 | 5.9 | 5.9 |
| cvss3_meta_tempscore | 5.6 | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| date | 1592524800 (06/19/2020) | 1592524800 (06/19/2020) | 1592524800 (06/19/2020) |
| url | https://mattermost.com/security-updates/ | https://mattermost.com/security-updates/ | https://mattermost.com/security-updates/ |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 4.10.4/5.1.2/5.2.2 | 4.10.4/5.1.2/5.2.2 | 4.10.4/5.1.2/5.2.2 |
| cve | CVE-2018-21250 | CVE-2018-21250 | CVE-2018-21250 |
| seealso | 156956 156957 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985 156986 | 156956 156957 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985 156986 | 156956 156957 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985 156986 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | | 6.5 | 6.5 |
| cwe | 0 | 400 (denial of service) | 400 (denial of service) |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | M | M |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | N | N |
| cvss2_nvd_ii | | N | N |
| cvss2_nvd_ai | | P | P |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | R | R |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | N | N |
| cvss3_nvd_i | | N | N |
| cvss3_nvd_a | | H | H |
| cve_assigned | | 1592524800 | 1592524800 |
| cve_nvd_summary | | An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. | An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. |
| confirm_url | | | https://mattermost.com/security-updates/ |
