CVE-2023-28644

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28644
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28644.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28644
Related
  • GHSA-9wmj-gp8v-477j
Published
2023-03-30T19:15:06Z
Modified
2025-01-14T11:46:26.050470Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events
Introduced
20ea9a25353129b56d46951fe7d23939665ab2b2
Fixed
494a0c1073b460d4d2a5c03ff3567fc388b91e36

Affected versions

v25.*

v25.0.0
v25.0.1
v25.0.1rc1
v25.0.2
v25.0.2rc1
v25.0.2rc2
v25.0.2rc3
v25.0.3rc1
v25.0.3rc2