Vulnerability DatabaseCVE-2022-29243

CVE-2022-29243:
Linux Gentoo vulnerability analysis and mitigation

Overview

Nextcloud Server, a self-hosted productivity platform's file server software, was found to have a vulnerability prior to versions 22.2.7 and 23.0.4. The vulnerability (CVE-2022-29243) was related to missing input-size validation of new session names, which allowed users to create app passwords with long names (GitHub Advisory).

Technical details

The vulnerability stems from improper input validation where the system failed to enforce size limits on session names when creating app passwords. These long names would then be loaded into memory during usage, which could impact system performance. The vulnerability has been assigned a CVSS v3.1 score of 4.3 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (GitHub Advisory).

Impact

The primary impact of this vulnerability is on system performance. When exploited, the vulnerability could lead to impacted performance due to long session names being loaded into memory during usage (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in Nextcloud Server versions 22.2.7 and 23.0.4. It is recommended to upgrade to these versions or later. No workarounds are available for this vulnerability (GitHub Advisory).

Additional resources

Source: This report was generated using AI

Related Linux Gentoo vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13470	HIGH	7.7	Linux Debian	rnp	No	Yes	Nov 21, 2025
CVE-2025-65018	HIGH	7.1	NixOS	java-17-openjdk-devel-slowdebug	No	Yes	Nov 25, 2025
CVE-2025-64720	HIGH	7.1	NixOS	java-21-openjdk	No	Yes	Nov 25, 2025
CVE-2025-64506	MEDIUM	6.1	NixOS	java-17-openjdk-static-libs	No	Yes	Nov 25, 2025
CVE-2025-64505	MEDIUM	6.1	NixOS	java-17-openjdk-headless	No	Yes	Nov 25, 2025