CVE-2024-24988

Source
https://cve.org/CVERecord?id=CVE-2024-24988
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24988.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-24988
Aliases
Related
Published
2024-02-29T08:06:28.334Z
Modified
2026-07-15T01:48:51.230568744Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Excessive resource consumption when sending long emoji names in user custom status
Details

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.

Database specific
{
    "cwe_ids": [
        "CWE-400"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24988.json",
    "cna_assigner": "Mattermost",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "9.2.4"
                },
                {
                    "last_affected": "8.1.8"
                },
                {
                    "last_affected": "9.3.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost
Events
Database specific
{
    "cpe": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.1.8"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.1.5"
        },
        {
            "introduced": "9.2.0"
        },
        {
            "fixed": "9.2.4"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

@mattermost/client@8.*
@mattermost/client@8.1.1
@mattermost/client@9.*
@mattermost/client@9.1.0
@mattermost/client@9.2.0
@mattermost/types@8.*
@mattermost/types@8.1.1
@mattermost/types@9.*
@mattermost/types@9.1.0
@mattermost/types@9.2.0
Other
cloud-2022-07-20-1
cloud-2022-08-10-1
cloud-2022-09-08-1
cloud-2022-10-06-1
cloud-2022-11-11-1
cloud-2022-11-24-1
cloud-2023-07-26-1
cloud-2023-09-26-1
server/public/v0.*
server/public/v0.0.5
server/public/v0.0.6
server/public/v0.0.7
server/public/v0.0.8
server/public/v0.0.9
v0.*
v0.5.0
v4.*
v4.10.0-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.0.0-rc1
v5.1.0-rc1
v5.2.0-rc1
v5.2.0-rc2
v8.*
v8.1.0
v8.1.0-rc2
v8.1.1
v8.1.1-rc1
v8.1.1-rc2
v8.1.2
v8.1.2-rc1
v8.1.2-rc2
v8.1.3
v8.1.3-rc1
v8.1.3-rc2
v8.1.4
v8.1.4-rc1
v8.1.4-rc2
v8.1.5
v8.1.5-rc1
v8.1.5-rc2
v8.1.6
v8.1.6-rc1
v8.1.7
v8.1.7-rc1
v8.1.7-rc2
v8.1.7-rc3
v8.1.8-rc1
v8.1.8-rc2
v9.*
v9.1.0
v9.1.0-rc1
v9.1.0-rc2
v9.1.1
v9.1.1-rc1
v9.1.2
v9.1.2-rc1
v9.1.3
v9.1.3-rc1
v9.1.4
v9.1.4-rc1
v9.1.5-rc1
v9.2.0
v9.2.0-rc2
v9.2.1
v9.2.2
v9.2.3
v9.2.3-rc1
v9.2.4-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24988.json"