CVE-2022-25891

HIGH

containrrr/shoutrrr < 0.6.0 - Denial of Service via util.PartitionMessage Function

Title source: llm

Description

The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.

References (5)

Core 5

Core References

Patch, Third Party Advisory x_refsource_misc

https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059

Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/containrrr/shoutrrr/issues/240

Patch, Third Party Advisory x_refsource_misc

https://github.com/containrrr/shoutrrr/pull/242

Patch, Third Party Advisory x_refsource_misc

https://github.com/containrrr/shoutrrr/commit/6a27056f9d7522a8b493216195cb7634bf4b5c42

View Patch ZIP pw:eip

Release Notes, Third Party Advisory x_refsource_misc

https://github.com/containrrr/shoutrrr/releases/tag/v0.6.0

Scores

CVSS v3 7.5

EPSS 0.0127

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (2)

containrrr/shoutrrr < 0.6.0

containrrr/shoutrrr 0 - 0.6.0Go

Published Jul 15, 2022

Tracked Since Feb 18, 2026