What is GHSA-5v95-j4rr-6f3c?

GHSA-5v95-j4rr-6f3c is a security advisory published by GitHub Security Advisories with High severity. rdiffweb's unlimited username field length can lead to DoS

Which CVE IDs does GHSA-5v95-j4rr-6f3c cover?

GHSA-5v95-j4rr-6f3c covers the following CVE IDs: CVE-2022-3290. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-5v95-j4rr-6f3c?

GHSA-5v95-j4rr-6f3c has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

Which products are affected by GHSA-5v95-j4rr-6f3c?

GHSA-5v95-j4rr-6f3c affects 1 product, including: pip/rdiffweb:\u003c 2.4.8.

GHSA-5v95-j4rr-6f3cHighCVSS 7.5

rdiffweb's unlimited username field length can lead to DoS

Vendor

GitHub Security Advisories

Published

September 27, 2022

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2022-3290 →

📋 Description

rdiffweb prior to 2.4.8 is vulnerable to a potential Dos attack via an unlimited length "username" field. This can result in excess memory consumption, or memory corruption, leading to a Denial of Service (DoS). This issue is patched in version 2.4.8. There are no known workarounds.

🎯 Affected products1

pip/rdiffweb:< 2.4.8

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2022-3290
https://github.com/ikus060/rdiffweb/commit/667657c6fe2b336c90be37f37fb92f65df4feee3
https://huntr.dev/bounties/d8b8519d-96a5-484c-8141-624c54290bf5
https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-292.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43184.yaml
https://github.com/advisories/GHSA-5v95-j4rr-6f3c