CVE-2025-11579
BaseFortify
Publication date: 2025-10-10
Last updated on: 2025-12-02
Assigner: Mattermost, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nwaples | rardecode | * |
| mattermost | mattermost | 10.11.4 |
| mattermost | mattermost | 10.5.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in github.com/nwaples/rardecode versions up to 2.1.1, where the decoder does not bound the dictionary size declared in a RAR archive before allocating memory for it. An attacker can exploit this by supplying a specially crafted RAR file that declares a very large dictionary size, causing the program to consume excessive memory and crash with an Out Of Memory error, resulting in a Denial of Service (DoS).
How can this vulnerability impact me?
The impact of this vulnerability is a Denial of Service condition caused by an Out Of Memory crash. This means that an attacker can cause the affected software to crash or become unresponsive by supplying a malicious RAR file, potentially disrupting services or applications relying on this library.