CVE-2025-71377 in stoatchatinfo

Summary

by MITRE • 07/16/2026

stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/16/2026

This vulnerability exists in stoatchat delta versions prior to 20250210-1 (0.8.2) within the query messages route functionality. The core issue manifests as a logic error that fails to properly validate message limit parameters when executing database queries for fetching messages in proximity to a reference message. When an attacker crafts a request specifying a message limit of zero, the system does not appropriately handle this invalid parameter, allowing the database to interpret zero as "no limit" rather than "zero results." This fundamental flaw enables unauthorized remote attackers to exploit the messaging API by sending specially crafted requests that bypass normal query limitations.

The technical implementation of this vulnerability directly relates to CWE-129 Input Validation and CWE-691 Insufficient Control Flow Management. The system fails to validate that message limit values are positive integers greater than zero before passing them to database query execution. This represents a classic case of inadequate parameter validation where the application assumes all inputs will be properly formatted, creating an attack surface that allows for resource exhaustion through excessive query execution. The database layer processes these malformed queries without proper constraints, resulting in unbounded result sets being returned to the client.

The operational impact of this vulnerability is severe and directly translates to denial of service conditions. An attacker can systematically send multiple parallel requests to fetch message history from channels, with each request potentially retrieving thousands or tens of thousands of messages depending on channel size. The cumulative effect of multiple simultaneous requests can overwhelm database resources including memory allocation, CPU processing, and network bandwidth. This creates a resource exhaustion scenario where legitimate users experience degraded service or complete unavailability of messaging functionality. The vulnerability is particularly dangerous because it requires no authentication credentials, making it accessible to any remote attacker with network connectivity to the affected system.

Mitigation strategies for this vulnerability should focus on implementing strict parameter validation at multiple layers of the application architecture. Input sanitization must enforce that message limit parameters are validated as positive integers before database query execution. The system should establish minimum and maximum bounds for message retrieval limits, typically capping requests at reasonable thresholds such as 100-1000 messages per request depending on service requirements. Additionally, rate limiting mechanisms should be implemented to prevent excessive parallel requests from a single IP address or session. Database-level protections including query timeout configurations and resource quotas can provide additional defense in depth. The fix should also include logging and monitoring of unusual query patterns that might indicate exploitation attempts, enabling rapid detection and response to potential attacks targeting this vulnerability.

Responsible

VulnCheck

Reservation

06/20/2026

Disclosure

07/16/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!