Description
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/containrrr/shoutrrr/issues/240
Patch, Third Party Advisory x_refsource_misc
https://github.com/containrrr/shoutrrr/pull/242
Patch, Third Party Advisory x_refsource_misc
https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0
Scores
CVSS v3
7.5
EPSS
0.0058
EPSS Percentile
69.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (2)
containrrr/shoutrrr
< 0.6.0
containrrr/shoutrrr
0 - 0.6.0Go
Published
Jul 15, 2022
Tracked Since
Feb 18, 2026