CVE-2023-53873
Unknown
Unknown - Not Provided
Denial of Service in SyncBreeze Login via Oversized Password Parameter
Vulnerability report for CVE-2023-53873, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: VulnCheck
Description
Description
SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially disrupt service availability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| syncbreeze | syncbreeze | 15.2.24 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |