{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8696", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2025-08-07T09:49:55.542Z", "datePublished": "2025-09-10T17:59:52.878Z", "dateUpdated": "2025-09-10T17:59:52.878Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2025-09-10T17:59:52.878Z"}, "title": "DoS attack against the Stork UI from an unauthenticated user", "datePublic": "2025-09-10T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "Stork", "versions": [{"version": "1.0.0", "lessThanOrEqual": "2.3.0", "status": "affected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value"}, {"lang": "en", "type": "CWE", "cweId": "CWE-779", "description": "CWE-779 Logging of Excessive Data"}]}], "descriptions": [{"lang": "en", "value": "If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.\nThis issue affects Stork versions 1.0.0 through 2.3.0."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Resource exhaustion. A sufficiently large input will cause Stork to allocate more memory than is available, leading to the failure of the `stork-server` process and/or other processes. Repeated smaller inputs may not exhaust memory but may fill log storage or force premature log rotation."}]}], "workarounds": [{"lang": "en", "value": "Placing the Stork server behind a firewall or proxy that only allows access from trusted clients, and/or enforces input size limits, is an effective workaround."}], "exploits": [{"lang": "en", "value": "This flaw was discovered in internal testing. We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of Stork: 2.2.1 or 2.3.1."}], "references": [{"url": "https://kb.isc.org/docs/cve-2025-8696", "name": "CVE-2025-8696", "tags": ["vendor-advisory"]}], "source": {"discovery": "INTERNAL"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.\nThis issue affects Stork versions 1.0.0 through 2.3.0."}], "id": "CVE-2025-8696", "lastModified": "2025-09-10T18:15:34.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Primary"}]}, "published": "2025-09-10T18:15:34.817", "references": [{"source": "security-officer@isc.org", "url": "https://kb.isc.org/docs/cve-2025-8696"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-779"}, {"lang": "en", "value": "CWE-789"}], "source": "security-officer@isc.org", "type": "Secondary"}]}

{}

{}