Denial of Service Risk in ONLYOFFICE DocumentServer by ONLYOFFICE
CVE-2021-25829

7.5HIGH

Key Information:

Vendor

Onlyoffice

Status
Document Server
Vendor
CVE Published:
1 March 2021

What is CVE-2021-25829?

An issue related to improper binary stream data handling was identified in the core module of ONLYOFFICE DocumentServer versions 4.0.0-9 to 5.6.3. This vulnerability can be exploited to initiate denial of service attacks, potentially leading to significant downtime and server disruptions. Administrators are encouraged to review their deployments and consider upgrading to patched versions to mitigate this risk.

References

https://github.com/ONLYOFFICE/DocumentServer
x_refsource_MISC
https://github.com/ONLYOFFICE/core
x_refsource_MISC
https://github.com/ONLYOFFICE/core/blob/v5.6.4.10/ASCOffi...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-25829 : Denial of Service Risk in ONLYOFFICE DocumentServer by ONLYOFFICE