Home > Vulnerability Database > CVE-2023-30082

Mend.io Vulnerability Database

CVE-2023-30082

Good to know:

Date: June 14, 2023

A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.

Language: PHP

Severity Score

7.5

Related Resources (4)

Url: https://blog.manavparekh.com/2023/06/cve-2023-30082.html

Url: https://github.com/manavparekh/CVEs/blob/main/CVE-2023-30082/Steps%20to%20reproduce.txt

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30082

Url: https://www.mend.io/vulnerability-database/CVE-2023-30082

Severity Score

7.5

Weakness Type (CWE)

Improper Validation of Specified Quantity in Input

CWE-1284

Top Fix

Upgrade Version

Upgrade to version 1.17.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30082

Good to know:

Date: June 14, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?