Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
References
Configurations
History
21 Nov 2024, 07:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://onlyoffice.com - Product | |
References | () https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 - Exploit, Patch, Third Party Advisory | |
References | () https://github.com/ONLYOFFICE/DocumentServer - Product | |
References | () https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ - Product | |
References | () https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 - Not Applicable | |
References | () https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a - Patch, Vendor Advisory |
21 Aug 2023, 16:57
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
18 Aug 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Onlyoffice
Onlyoffice document Server |
|
References | (MISC) https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ - Product | |
References | (MISC) https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a - Patch, Vendor Advisory | |
References | (MISC) https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 - Not Applicable | |
References | (MISC) http://onlyoffice.com - Product | |
References | (MISC) https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://github.com/ONLYOFFICE/DocumentServer - Product | |
CPE | cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:* | |
CWE | CWE-835 |
14 Aug 2023, 13:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 13:15
Updated : 2024-11-21 07:59
NVD link : CVE-2023-30188
Mitre link : CVE-2023-30188
CVE.ORG link : CVE-2023-30188
JSON object : View
Products Affected
onlyoffice
- document_server
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')