CVE-2022-25891

The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
snykCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
containrrrshoutrrr
𝑥
< 0.6.0
𝑥
= Vulnerable software versions
References
https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
https://github.com/containrrr/shoutrrr/issues/240
https://github.com/containrrr/shoutrrr/pull/242
https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059
https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
https://github.com/containrrr/shoutrrr/issues/240
https://github.com/containrrr/shoutrrr/pull/242
https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059