Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-24741: Prevent loading images that would require too much memory. by fancycode · Pull Request #30291 · nextcloud/server

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the 'enable_previews' config flag.

CVE
#dos

For most image formats, the header specifies the width/height. PHP allocates an image object from that size, even if the actual
image data is much smaller. This image object size is not limited by the limit configured in PHP.

The memory limit can be configured through config setting “preview_max_memory” and defaults to 128 MBytes which should be enough for most images without filling up all memory.

Signed-off-by: Joachim Bauch [email protected]

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907