CVE-2024-42481 HIGH

CVE-2024-42481: Complete crash of host system due to calculateDirectorySize in skyportd

Vendor Skyportlabs
Product skyportd
Weakness CWE-400
Published August 12, 2024
Last update August 13, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By making thousands of folders & files (easy due to skyport's lack of rate limiting on createFolder. createFile), skyportd in a lot of cases will cause 100% CPU usage and an OOM, probably crashing the system. This is fixed in 0.2.2.

Key dates

02Disclosure timeline

August 12, 2024 CVE published
August 13, 2024 Record updated