What is CVE-2021-32832?

CVE-2021-32832 is a medium-severity vulnerability in Rocket.chat, classified under Uncontrolled Resource Consumption. CVSS score: 4.3/10. Published 2021-08-30.

How severe is CVE-2021-32832?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Resource exhaustion in Rocket.chat

CVE-2021-32832

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.016 (73.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

Rocket.chat
Rocketchat Rocket.chat — versions < 3.11.3

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

security-advisories@github.com (x_refsource_MISC, Vendor Advisory)
security-advisories@github.com (x_refsource_CONFIRM, Exploit, Third Party Advisory)
security-advisories@github.com (Third Party Advisory, x_refsource_MISC, Release Notes)
security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32832?: CVE-2021-32832 is a medium-severity vulnerability in Rocket.chat, classified under Uncontrolled Resource Consumption. CVSS score: 4.3/10. Published 2021-08-30.
How severe is CVE-2021-32832?: Medium severity. CVSS v3 base score is 4.3 out of 10.