Vulnerabilities > CVE-2022-25891 - Unspecified vulnerability in Containrrr Shoutrrr
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.
Vulnerable Configurations
References
- https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
- https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
- https://github.com/containrrr/shoutrrr/issues/240
- https://github.com/containrrr/shoutrrr/issues/240
- https://github.com/containrrr/shoutrrr/pull/242
- https://github.com/containrrr/shoutrrr/pull/242
- https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
- https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059