Memory Exhaustion Vulnerability in ONLYOFFICE Document Server
CVE-2023-30188

7.5HIGH

Key Information:

Vendor: Onlyoffice
Status: Document Server
Vendor: CVE Published:; 14 August 2023

What is CVE-2023-30188?

A memory exhaustion vulnerability exists in the ONLYOFFICE Document Server that can be exploited by remote attackers. Maliciously crafted JavaScript files can lead to a denial of service, causing the server to become unresponsive. This vulnerability spans several versions, emphasizing the need for users to apply patches and monitor for unusual activities. For more detailed information and mitigation strategies, refer to the official documentation and community resources.

References

https://github.com/ONLYOFFICE/DocumentServer

http://onlyoffice.com

https://github.com/ONLYOFFICE/core/blob/8ca40a44ce47a8616...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Apr 7, 2023

JSON

Onlyoffice

What is CVE-2023-30188?

References

CVSS V3.1

Timeline