CVE Vulnerability

CVE-2021-28667

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).

7.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix/ Patch Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-03-18 03:15

Updated : 2021-03-25 01:44

NVD link : CVE-2021-28667

Mitre link : CVE-2021-28667

Products Affected
No products.
CWE
CWE-835