CVE-2023-28644

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-28644

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28644.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-28644

Aliases

GHSA-9wmj-gp8v-477j

Published

2023-03-30T18:36:27.380Z

Modified

2026-04-02T08:48:50.499595Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server

Details

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28644.json",
    "cwe_ids": [
        "CWE-400"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

20ea9a25353129b56d46951fe7d23939665ab2b2

Fixed

494a0c1073b460d4d2a5c03ff3567fc388b91e36

Affected versions

v25.*

v25.0.0

v25.0.1

v25.0.1rc1

v25.0.2

v25.0.2rc1

v25.0.2rc2

v25.0.2rc3

v25.0.3rc1

v25.0.3rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28644.json"