CVE-2023-36461 (mastodon)

Jul 17, 2023 06:00 am Cyber Security 75

CVE-2023-36461 Detail




Description


Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.



Severity



CVSS Version 3.x CVSS Version 2.0
CVSS 3.x Severity and Metrics:
CVSS 2.0 Severity and Metrics:



References to Advisories, Solutions, and Tools


By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].




Weakness Enumeration


CWE-ID
CWE Name
Source
CWE-770
Allocation of Resources Without Limits or Throttling
GitHub, Inc.  

Change History


2 change records found show changes




Quick Info


CVE Dictionary Entry: 36461 mastodon
Read The Rest from the original source
nvd.nist.gov

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!