Unrated severityNVD Advisory· Published Nov 25, 2022· Updated Apr 23, 2025
Missing length validation of user displayname in nextcloud server
CVE-2022-39346
Description
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <=22.2.9, <=23.0.6, <=24.0.2
- osv-coords2 versionspkg:rpm/opensuse/nextcloud&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/nextcloud&distro=SUSE%20Package%20Hub%2015%20SP4
< 23.0.12-bp154.2.3.1+ 1 more
- (no CPE)range: < 23.0.12-bp154.2.3.1
- (no CPE)range: < 23.0.12-bp154.2.3.1
- nextcloud/security-advisoriesv5Range: < 22.2.10
Patches
Vulnerability mechanics
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TARDPRPBTI5TJRBYRVVQGTL6KWRCV5/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R32L3P53AQKQQC652LA5U3AWFTZKPDK3/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAER4DCCHHSUDFHQ6LTIH4JEJFF73IU/mitrevendor-advisory
- github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6mitre
- github.com/nextcloud/server/pull/33052mitre
- hackerone.com/reports/1588562mitre
News mentions
0No linked articles in our index yet.