Advisory ReportM-Vault Denial of Service VulnerabilityWednesday 21st December 2022
|Summary||Denial of Service due to application crash|
|Release Date||21st December 2022|
|Version(s)||16.0v0 to 17.0v23|
Summary of vulnerability
This advisory discloses a critical vulnerability introduced in version R16.0v0 of M-Vault. The following versions are affected by this vulnerability:
- M-Vault R16.0v0 to R17.0v23.
Isode rates the severity level of this vulnerability as high, according to the CVSS system (details can be found at www.first.org).
This vulnerability has been fixed in M-Vault R17.0v24 and affected services are advised to immediately upgrade to this version. Current later versions (such as the subsequent major release R18.0) are not affected by this vulnerability.
This vulnerability was discovered, with thanks from Isode, by Jerome Nokin of the NATO Cyber Security Centre (NCSC).