CVE-2022-1337 MEDIUM

CVE-2022-1337: OOM DoS in Mattermost image proxy

Vendor Mattermost
Product Mattermost
Weakness CWE-400
Published April 13, 2022
Last update December 6, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.

Key dates

02Disclosure timeline

April 13, 2022 CVE published
December 6, 2024 Record updated