CVE-2022-35221 - Vulnerability Details - OpenCVE

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00378.

Key SSVC decision points have not yet been added.

Vendors	Products
Teamplus	Team\+ Pro

Configuration 1 [-]

OR	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:android::
	cpe:2.3:a:teamplus:team\+_pro:::::private_cloud:iphone_os::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-38113	Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.

Fixes

Solution

Contact tech support from TEAMPLUS.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2022-08-02T15:20:44.721953Z

Updated: 2024-09-16T22:55:47.003Z

Reserved: 2022-07-05T00:00:00

Link: CVE-2022-35221

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-02T16:15:10.707

Modified: 2024-11-21T07:10:55.227

Link: CVE-2022-35221

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Android"], "product": "Teamplus Pro", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"platforms": ["iOS"], "product": "Teamplus Pro", "vendor": "TEAMPLUS TECHNOLOGY INC.", "versions": [{"lessThanOrEqual": "3.011.6.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-02T15:20:44", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}], "solutions": [{"lang": "en", "value": "Contact tech support from TEAMPLUS."}], "source": {"advisory": "TVN-202207005", "discovery": "EXTERNAL"}, "title": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-07-29T07:05:00.000Z", "ID": "CVE-2022-35221", "STATE": "PUBLIC", "TITLE": "TEAMPLUS TECHNOLOGY INC. Teamplus Pro - Allocation of Resources Without Limits or Throttling-2"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Teamplus Pro", "version": {"version_data": [{"platform": "Android", "version_affected": "<=", "version_value": "3.011.6.0.1"}, {"platform": "iOS", "version_affected": "<=", "version_value": "3.011.6.0.1"}]}}]}, "vendor_name": "TEAMPLUS TECHNOLOGY INC."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}]}, "solution": [{"lang": "en", "value": "Contact tech support from TEAMPLUS."}], "source": {"advisory": "TVN-202207005", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:29:17.389Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2022-35221", "datePublished": "2022-08-02T15:20:44.721953Z", "dateReserved": "2022-07-05T00:00:00", "dateUpdated": "2024-09-16T22:55:47.003Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:android:*:*", "matchCriteriaId": "266BDB81-BE36-4A9D-BE19-9B96516B4E58", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:teamplus:team\\+_pro:*:*:*:*:private_cloud:iphone_os:*:*", "matchCriteriaId": "3E7BB0AB-B190-4997-9873-4E8C5FA60DED", "versionEndIncluding": "3.011.6.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Teamplus Pro community discussion has an \u2018allocation of resource without limits or throttling\u2019 vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service."}, {"lang": "es", "value": "Teamplus Pro community discussion presenta una vulnerabilidad de \"asignaci\u00f3n de recursos sin l\u00edmites o estrangulamiento\" en el campo de asunto del hilo. Un atacante remoto con privilegio de usuario general que publique un tema de hilo con gran contenido puede causar que el servidor asigne demasiada memoria, conllevando a una p\u00e9rdida de contenido parcial de los mensajes y la interrupci\u00f3n del servicio parcial"}], "id": "CVE-2022-35221", "lastModified": "2024-11-21T07:10:55.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2022-08-02T16:15:10.707", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6360-7bf50-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}