One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 3991144 |
| Date de publication | 2022-01-18 22:15:07 (vue: 2022-01-19 00:06:13) |
| Titre | CVE-2022-21688 |
| Texte | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. An adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated. This issue has been patched in version 2.5. |
| Envoyé | Oui |
| Condensat | 2022 21688 2gb abused address adversary affected anonymously application attack authentication been bytes can chat consumption cve denial desktop elevated files found friends has history host image impact interaction issue knowledge lead lets memory mode multiple network onion onionshare only open out parsing patched perform private public quickly rendered rendering required requires results roughly securely server service share some source tab therefore times tool tor triggered undisclosed user using version versions vulnerability vulnerable websites which |
| Tags | Tool Vulnerability Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.