
CVE-2022-3295: rdiffweb allows unlimited length of root directory name, which could result in DoS

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.15928%
Published: 9/27/2022
Updated: 10/25/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name: rdiffweb
Ecosystem: pip
Vulnerable Versions: >= 0, < 2.4.8
First Patched Version: 2.4.8

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from missing length validation on the root directory field of the administrative user-management form. The fix adds length validators to the user_root field of UserForm (max=260) together with tests covering the new limit. Before the patch, the UserForm definition in page_admin.py declared the field with no length constraint, so process_formdata accepted an arbitrarily long value from the request and passed it on unchecked. The test added in test_page_admin.py (test_add_with_user_root_too_long) exercises exactly this case and confirms that an oversized value is now rejected at the form layer. Note that the CVSS vector above scores the issue as PR:N even though the affected form is the administrative user-management page, so the practical exposure is bounded by who can reach that page.
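The before/after behaviour described above, as an added example that is not rdiffweb's own code. The project uses WTForms-style validators; the form classes and the `length`/`required` validators here are a hypothetical stand-in written only to show the difference between an unbounded user_root field and one capped at 260 characters. The field names (username, email, user_root) and the 260 limit come from the advisory and the patch description; the limits used for username and email are assumed placeholders, and the sample requests are constructed.

```python
"""Added example (not rdiffweb's code): minimal stand-in for the WTForms-style
length validator that the 2.4.8 fix adds to UserForm.user_root.

Assumptions:
  * field names and the 260-character user_root limit follow the advisory;
  * MAX_USERNAME_LEN / MAX_EMAIL_LEN are placeholders, the page gives no value;
  * the schema/validator functions are hypothetical, not the project's classes.
"""

MAX_USER_ROOT_LEN = 260   # limit named in the patch description
MAX_USERNAME_LEN = 256    # assumed; not stated on the page
MAX_EMAIL_LEN = 256       # assumed; not stated on the page


class ValidationError(ValueError):
    """Raised by a validator when a field value is rejected."""


def required(field, value):
    """Reject empty values (the only check the pre-patch username field had here)."""
    if not value:
        raise ValidationError(f"{field}: value is required")


def length(max_len):
    """Return a validator that rejects values longer than max_len characters."""
    def check(field, value):
        if len(value) > max_len:
            raise ValidationError(
                f"{field}: length {len(value)} exceeds maximum of {max_len}")
    return check


# Pre-2.4.8 shape: user_root (and email) carry no length constraint, so an
# arbitrarily long admin-supplied value reaches the rest of the code path.
VULNERABLE_SCHEMA = {
    "username": [required],
    "email": [],
    "user_root": [],
}

# Post-2.4.8 shape: every free-text field is bounded before it is processed.
PATCHED_SCHEMA = {
    "username": [required, length(MAX_USERNAME_LEN)],
    "email": [length(MAX_EMAIL_LEN)],
    "user_root": [length(MAX_USER_ROOT_LEN)],
}


def validate(schema, formdata):
    """Run every validator for every field; return {field: [messages]}, empty if clean."""
    errors = {}
    for field, validators in schema.items():
        value = formdata.get(field, "")
        for check in validators:
            try:
                check(field, value)
            except ValidationError as exc:
                errors.setdefault(field, []).append(str(exc))
    return errors


def handle_add_user(schema, formdata):
    """Mimic the admin 'add user' handler: validate first, only then build the record.

    Returns ("ok", record) or ("error", errors). Under VULNERABLE_SCHEMA an
    oversized user_root sails through into the record; under PATCHED_SCHEMA it
    is rejected before anything is stored or used as a filesystem path.
    """
    errors = validate(schema, formdata)
    if errors:
        return "error", errors
    record = {
        "username": formdata["username"],
        "email": formdata.get("email", ""),
        "user_root": formdata.get("user_root", ""),
    }
    return "ok", record


# Constructed sample requests (not captured traffic). The first one carries a
# deliberately oversized root directory, as a scripted POST could submit it.
OVERSIZED_REQUEST = {
    "username": "alice",
    "email": "alice@example.com",
    "user_root": "/backups/" + "A" * 100_000,
}

NORMAL_REQUEST = {
    "username": "alice",
    "email": "alice@example.com",
    "user_root": "/backups/alice",
}


if __name__ == "__main__":
    for name, schema in (("vulnerable", VULNERABLE_SCHEMA), ("patched", PATCHED_SCHEMA)):
        status, _ = handle_add_user(schema, OVERSIZED_REQUEST)
        print(f"{name:10s} oversized user_root -> {status}")
    print("patched    normal user_root    ->", handle_add_user(PATCHED_SCHEMA, NORMAL_REQUEST)[0])
```

A field-level limit like this only bounds what the form accepts after the request body has already been read into memory; in a deployment you would still cap the body size at the HTTP server (for a CherryPy-based app such as rdiffweb, the server.max_request_body_size setting) so that oversized submissions are rejected before parsing starts.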


Description

rdiffweb prior to 2.4.8 has no limit on the length of root directory names. Allowing users to enter long strings may result in a DoS attack or memory corruption. Version 2.4.8 defines a field limit for username, email, and root directory.
