CVE Vulnerability

CVE-2022-21689

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mode can block file upload for others. There is no way to block this attack in public mode due to the anonymity properties of the tor network.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc Third Party Advisory
https://github.com/onionshare/onionshare/releases/tag/v2.5 Release Notes Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:onionshare:onionshare:*:*:*:*:*:*:*:*
Information

Published : 2022-01-18 10:15

Updated : 2022-01-25 08:25

NVD link : CVE-2022-21689

Mitre link : CVE-2022-21689

Products Affected
No products.
CWE
CWE-400