CVE-2023-30188

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-30188
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://onlyoffice.com Product
https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 Exploit Patch Third Party Advisory
https://github.com/ONLYOFFICE/DocumentServer Product
https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ Product
https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 Not Applicable
https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*
History

21 Aug 2023, 16:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5 		v2 : unknown
v3 : 7.5

18 Aug 2023, 03:19

Type Values Removed Values Added
CPE cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-835
References (MISC) https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a - (MISC) https://github.com/ONLYOFFICE/core/commit/2b6ad83b36afd9845085b536969d366d1d61150a - Patch, Vendor Advisory
References (MISC) https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 - (MISC) https://gist.github.com/merrychap/25eba8c4dd97c9e545edad1b8f0eadc2 - Exploit, Patch, Third Party Advisory
References (MISC) https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 - (MISC) https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp#L110 - Not Applicable
References (MISC) https://github.com/ONLYOFFICE/DocumentServer - (MISC) https://github.com/ONLYOFFICE/DocumentServer - Product
References (MISC) http://onlyoffice.com - (MISC) http://onlyoffice.com - Product
References (MISC) https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ - (MISC) https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a86168327a46db91253cf6bb205d/DesktopEditor/doctrenderer/ - Product

14 Aug 2023, 13:26

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-14 13:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-30188

Mitre link : CVE-2023-30188

CVE.ORG link : CVE-2023-30188

JSON object : View

Products Affected

onlyoffice

  • document_server
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')