CVE-2024-46935

HIGH

Rocket.Chat < 6.7.9 - Denial of Service via Message Parser

Title source: llm
STIX 2.1

Description

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.

Scores

CVSS v3 7.5
EPSS 0.0059
EPSS Percentile 44.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (3)
rocket.chat/message-parser 0 - 0.31.30npm
rocket.chat/rocket.chat 6.12.0 (7 CPE variants)
rocket.chat/rocket.chat < 6.7.9
Published Sep 25, 2024
Tracked Since Feb 18, 2026