CVE-2022-3257: Server-side Denial of Service while processing a specifically crafted GIF file
First published: Fri Sep 23 2022(Updated: )
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost Server | <7.2.0 |
Remedy
Update Mattermost to version v7.2 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Mattermost vulnerability?
The vulnerability ID for this Mattermost vulnerability is CVE-2022-3257.
What is the severity of CVE-2022-3257?
The severity of CVE-2022-3257 is medium, with a severity value of 6.5.
What is the impact of CVE-2022-3257?
CVE-2022-3257 can result in server-side Denial of Service by causing resource exhaustion while processing a specifically crafted GIF file.
How does CVE-2022-3257 affect Mattermost?
CVE-2022-3257 affects Mattermost version 7.1.x and earlier.
How can I fix CVE-2022-3257 in Mattermost?
To fix CVE-2022-3257 in Mattermost, upgrade to version 7.2.0 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/mattermost
- canonical/mattermost mattermost server