CVE-2022-24741

Summary

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the 'enable_previews' config flag.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 21.0.8affected
nextcloudsecurity-advisories>= 22.0.0, < 22.2.4affected
nextcloudsecurity-advisories>= 23.0.0, < 23.0.1affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References