Vulnerability DatabaseCVE-2022-39346

CVE-2022-39346:
Linux Fedora vulnerability analysis and mitigation

Overview

CVE-2022-39346 affects Nextcloud server, an open source personal cloud server. The vulnerability was discovered and disclosed in 2022, where affected versions of Nextcloud server did not properly limit user display names. This security issue impacts all versions prior to 22.2.10, 23.0.7, and 24.0.3 (GitHub Advisory).

Technical details

The vulnerability stems from a missing length validation of user display names, which could potentially lead to database overload. The issue has been assigned a CVSS v3.1 base score of 3.5 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-400 (GitHub Advisory).

Impact

When exploited, this vulnerability allows malicious users to potentially cause a denial of service by overloading the backing database through sending huge amounts of data to the display name endpoint (GitHub Advisory).

Mitigation and workarounds

The recommended mitigation is to upgrade Nextcloud Server to versions 22.2.10, 23.0.7, or 24.0.3. The same versions apply for Nextcloud Enterprise Server users. No alternative workarounds are available for this vulnerability (CVE Mitre, GitHub Advisory).

Additional resources

Source: This report was generated using AI

Related Linux Fedora vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66471	HIGH	8.9	Python	python-pip	No	Yes	Dec 05, 2025
CVE-2025-66418	HIGH	8.9	Python	libbrotli	No	Yes	Dec 05, 2025
CVE-2025-58098	HIGH	8.3	Apache HTTP Server	mod_proxy_html-debuginfo	No	Yes	Dec 05, 2025
CVE-2025-66200	MEDIUM	5.4	Apache HTTP Server	apache2	No	Yes	Dec 05, 2025
CVE-2025-61594	MEDIUM	N/A	Ruby	ruby-doc	No	Yes	Dec 11, 2025