Merge pull request #65 from nextcloud-gmbh/sa/588562

2020/034 - Advisory for #588562
author: Joas Schilling <213943+nickvergessen@users.noreply.github.com> 2020-08-05 11:37:09 +0300
committer: GitHub <noreply@github.com> 2020-08-05 11:37:09 +0300
commit: abc9f8811ade0f0dc050d8a596b8cc66e3ae109e (patch)
tree: 41041121e8918d0e084ac9b29429891f1bda4a1f
parent: 2a3c589eeed6851f6aeb3df52ade2d94d3a55954 (diff)
parent: 860f7c5144ef92892f4c0975c9189c7948e7370c (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/desktop/nc-sa-2020-034.json b/desktop/nc-sa-2020-034.json
new file mode 100644
index 0000000..18b314c
--- /dev/null
+++ b/desktop/nc-sa-2020-034.json
@@ -0,0 +1,32 @@
+{
+   "Title": "Memory Leak in OCUtil.dll library in Desktop client can lead to DoS",
+   "Timestamp": 1594382400,
+   "Risk": 1,
+   "CVSS3": {
+      "score": 5.9,
+      "vector": "AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"
+   },
+   "CWE": {
+      "id": 400,
+      "name": "Denial of Service"
+   },
+   "HackerOne": 588562,
+   "Affected":[
+      {
+         "Version":"2.6.5",
+         "CVE":"CVE-2020-8229",
+         "Operator":"<"
+      }
+   ],
+   "Description":"A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.",
+   "ActionTaken": "The error has been fixed.",
+   "Acknowledgment":[
+      {
+         "Name": "Cosmin Craciun",
+         "Mail": "cwaverst@gmail.com",
+         "Company": "Finastra",
+         "Reason": "Vulnerability discovery and disclosure."
+      }
+   ],
+   "Resolution": "It is recommended that the Nextcloud Desktop Client is upgraded to 2.6.5."
+}
author	Joas Schilling <213943+nickvergessen@users.noreply.github.com>	2020-08-05 11:37:09 +0300
committer	GitHub <noreply@github.com>	2020-08-05 11:37:09 +0300
commit	abc9f8811ade0f0dc050d8a596b8cc66e3ae109e (patch)
tree	41041121e8918d0e084ac9b29429891f1bda4a1f
parent	2a3c589eeed6851f6aeb3df52ade2d94d3a55954 (diff)
parent	860f7c5144ef92892f4c0975c9189c7948e7370c (diff)