Description
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding.

This issue affects DivvyDrive: from 4.8.2.19 before 4.8.3.2.
Published: 2026-05-07
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

DivvyDrive receives input that determines which object attributes are allocated. The lack of proper validation allows an attacker to manipulate these attributes, causing the system to allocate excessive resources. This uncontrolled allocation can overwhelm memory or CPU, leading to a denial of service that affects availability and potentially the stability of the host machine.

Affected Systems

Instances of DivvyDrive Information Technologies Inc. DivvyDrive versions 4.8.2.19 through 4.8.3.1 are compromised. The vulnerability was fixed in 4.8.3.2, so any deployment of those earlier releases must be considered at risk.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity. Although the EPSS score is not provided, the absence of a KEV listing does not diminish the potential for exploitation. It is likely that the attack vector is remote, given that the manipulation occurs through data supplied by an external user. An attacker that can influence object attribute selection can trigger large resource requests, exhausting system capacity.

Generated by OpenCVE AI on May 7, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DivvyDrive to version 4.8.3.2 or later
  • Restrict allocation parameters or configure resource limits to prevent flooding
  • Monitor and alert on abnormal memory or CPU usage that could indicate exploitation

Generated by OpenCVE AI on May 7, 2026 at 14:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Divvydrive
Divvydrive divvydrive
Vendors & Products Divvydrive
Divvydrive divvydrive

Thu, 07 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 07 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before 4.8.3.2.
Title Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive
Weaknesses CWE-770
CWE-915
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H'}

Subscriptions

Divvydrive Divvydrive
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-07T14:38:03.904Z

Reserved: 2025-12-09T14:09:50.934Z

Link: CVE-2025-14341

cve-icon Vulnrichment

Updated: 2026-05-07T14:37:59.346Z

cve-icon NVD

Status : Deferred

Published: 2026-05-07T14:16:00.660

Modified: 2026-05-07T14:42:56.070

Link: CVE-2025-14341

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T21:24:45Z

Weaknesses