CVE-2022-25891

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-25891

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25891.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-25891

Aliases

Downstream

AZL-31969

Related

SNYK-GOLANG-GITHUBCOMCONTAINRRRSHOUTRRRPKGUTIL-2849059

Published

2022-07-15T20:15:08.540Z

Modified

2026-04-11T17:20:07.893411Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.

References

Affected packages

Git / github.com/containrrr/shoutrrr

Affected ranges

Type

GIT

Repo

https://github.com/containrrr/shoutrrr

Events

Introduced

Fixed

84afd592143a0f94ab415d5d7415b8b0e739dcc4

Fixed

6a27056f9d7522a8b493216195cb7634bf4b5c42

Database specific

{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.6.0"
        }
    ],
    "cpe": "cpe:2.3:a:containrrr:shoutrrr:*:*:*:*:*:*:*:*"
}

Affected versions

v0.*

v0.1

v0.2

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v0.5.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25891.json"