Lucene search

[email protected]CVE-2021-28667

HistoryMar 18, 2021 - 3:15 a.m.

CVE-2021-28667

2021-03-1803:15:12

CWE-835

[email protected]

web.nvd.nist.gov

stackstorm

cve-2021-28667

memory consumption

disk space

python 3.x

locale

utf-8

unicode data

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).

Affected configurations

NVD

Node

stackstormstackstormRange<3.4.1

AND

pythonpythonRange<3.0.0

CPENameOperatorVersion
stackstorm:stackstormstackstormlt3.4.1

CPE	Name	Operator	Version
stackstorm:stackstorm	stackstorm	lt	3.4.1

References

stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix/

Social References

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for CVE-2021-28667

osv2 nvd1 prion1 github1 cvelist1