diff options
author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2020-08-05 11:37:09 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-05 11:37:09 +0300 |
commit | abc9f8811ade0f0dc050d8a596b8cc66e3ae109e (patch) | |
tree | 41041121e8918d0e084ac9b29429891f1bda4a1f | |
parent | 2a3c589eeed6851f6aeb3df52ade2d94d3a55954 (diff) | |
parent | 860f7c5144ef92892f4c0975c9189c7948e7370c (diff) |
Merge pull request #65 from nextcloud-gmbh/sa/588562
2020/034 - Advisory for #588562
-rw-r--r-- | desktop/nc-sa-2020-034.json | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/desktop/nc-sa-2020-034.json b/desktop/nc-sa-2020-034.json new file mode 100644 index 0000000..18b314c --- /dev/null +++ b/desktop/nc-sa-2020-034.json @@ -0,0 +1,32 @@ +{ + "Title": "Memory Leak in OCUtil.dll library in Desktop client can lead to DoS", + "Timestamp": 1594382400, + "Risk": 1, + "CVSS3": { + "score": 5.9, + "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" + }, + "CWE": { + "id": 400, + "name": "Denial of Service" + }, + "HackerOne": 588562, + "Affected":[ + { + "Version":"2.6.5", + "CVE":"CVE-2020-8229", + "Operator":"<" + } + ], + "Description":"A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "Cosmin Craciun", + "Mail": "cwaverst@gmail.com", + "Company": "Finastra", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that the Nextcloud Desktop Client is upgraded to 2.6.5." +} |