Vulnerability Details CVE-2022-25891
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
- https://github.com/containrrr/shoutrrr/issues/240
- https://github.com/containrrr/shoutrrr/pull/242
- https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059
- https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
- https://github.com/containrrr/shoutrrr/issues/240
- https://github.com/containrrr/shoutrrr/pull/242
- https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059
Products affected by CVE-2022-25891
-
cpe:2.3:a:containrrr:shoutrrr:-
-
cpe:2.3:a:containrrr:shoutrrr:0.1
-
cpe:2.3:a:containrrr:shoutrrr:0.2
-
cpe:2.3:a:containrrr:shoutrrr:0.3.0
-
cpe:2.3:a:containrrr:shoutrrr:0.4.0
-
cpe:2.3:a:containrrr:shoutrrr:0.4.1
-
cpe:2.3:a:containrrr:shoutrrr:0.4.2
-
cpe:2.3:a:containrrr:shoutrrr:0.4.3
-
cpe:2.3:a:containrrr:shoutrrr:0.4.4
-
cpe:2.3:a:containrrr:shoutrrr:0.5.0
-
cpe:2.3:a:containrrr:shoutrrr:0.5.1
-
cpe:2.3:a:containrrr:shoutrrr:0.5.2
-
cpe:2.3:a:containrrr:shoutrrr:0.5.3