Denial of Service Vulnerability in Chat Service by Specific Vendor
CVE-2023-28356

7.5 HIGH

Key Information:

Vendor: Rocket.Chat
CVE Published: 11 May 2023

What is CVE-2023-28356?

A vulnerability has been found in the chat service where a specially crafted message can trigger a loop in one of the service processes. This leads to excessive CPU usage, often exceeding 120%, and leaves the chat service unresponsive, significantly disrupting users. Address this issue to ensure service reliability and performance.

Affected Version(s)

Rocket.Chat: This issue has been fixed in version 6.0 and later and is backported for the supported versions. Check this document for more info: https://docs.rocket.chat/resources/get-support/enterprise-support#rocket.chat-versions

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved