CVE-2025-46556
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-46556
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46556.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-46556
- Aliases
- Published
- 2025-11-04T00:20:28Z
- Modified
- 2025-11-09T05:15:27.300337Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length
- Details
-
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added, the activity stream UI fails to render; therefore, new notes cannot be displayed, effectively breaking all future collaboration on the issue. This issue is fixed in version 2.27.2.
- Database specific
{ "cwe_ids": [ "CWE-770" ] }- References
-
- https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
- https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
- https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
- https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
Affected packages
Git / github.com/mantisbt/mantisbt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mantisbt/mantisbt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
release-1.*
release-1.2.0a1
release-1.2.0a2
release-1.2.0a3
release-1.2.0rc1
release-1.3.0
release-1.3.0-beta.1
release-1.3.0-beta.2
release-1.3.0-beta.3
release-1.3.0-rc.1
release-1.3.0-rc.2
release-1.3.1
release-1.3.2
release-1.3.3
release-1.3.4
release-1.3.5
release-1.3.6
release-2.*
release-2.0.0
release-2.0.0-beta.1
release-2.0.0-beta.2
release-2.0.0-beta.3
release-2.0.0-rc.1
release-2.0.0-rc.2
release-2.1.0
release-2.1.1
release-2.10.0
release-2.11.0
release-2.12.0
release-2.13.0
release-2.13.1
release-2.14.0
release-2.15.0
release-2.16.0
release-2.17.0
release-2.17.1
release-2.18.0
release-2.19.0
release-2.2.0
release-2.2.1
release-2.2.2
release-2.20.0
release-2.21.0
release-2.21.1
release-2.21.2
release-2.22.0
release-2.22.1
release-2.23.0
release-2.23.1
release-2.24.0
release-2.24.1
release-2.24.2
release-2.24.3
release-2.24.4
release-2.24.5
release-2.25.0
release-2.25.1
release-2.25.2
release-2.25.3
release-2.25.4
release-2.25.5
release-2.25.6
release-2.25.7
release-2.25.8
release-2.26.0
release-2.26.1
release-2.26.2
release-2.26.3
release-2.26.4
release-2.27.0
release-2.27.1
release-2.3.0
release-2.3.1
release-2.3.2
release-2.4.0
release-2.4.1
release-2.5.0
release-2.5.1
release-2.6.0
release-2.7.0
release-2.8.0
release-2.9.0