diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-08-03 13:16:55 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2020-08-03 13:29:20 +0300 |
| commit | 860f7c5144ef92892f4c0975c9189c7948e7370c (patch) | |
| tree | 2a7d23b94702b4478d65245c710a4989028f3d48 | |
| parent | 5e4f513a2a78f1c816907e3ddc2755167dcbe86d (diff) | |
Advisory for #588562
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | desktop/nc-sa-2020-034.json | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/desktop/nc-sa-2020-034.json b/desktop/nc-sa-2020-034.json new file mode 100644 index 0000000..18b314c --- /dev/null +++ b/desktop/nc-sa-2020-034.json @@ -0,0 +1,32 @@ +{ + "Title": "Memory Leak in OCUtil.dll library in Desktop client can lead to DoS", + "Timestamp": 1594382400, + "Risk": 1, + "CVSS3": { + "score": 5.9, + "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" + }, + "CWE": { + "id": 400, + "name": "Denial of Service" + }, + "HackerOne": 588562, + "Affected":[ + { + "Version":"2.6.5", + "CVE":"CVE-2020-8229", + "Operator":"<" + } + ], + "Description":"A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "Cosmin Craciun", + "Mail": "cwaverst@gmail.com", + "Company": "Finastra", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that the Nextcloud Desktop Client is upgraded to 2.6.5." +} |