stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.
Metrics
Affected Vendors & Products
References
History
Thu, 16 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion. | |
| Title | stoatchat before 20250210-1 Unrestricted Message History Fetch | |
| Weaknesses | CWE-1025 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-16T12:59:14.239Z
Reserved: 2026-06-20T13:11:44.728Z
Link: CVE-2025-71377
Updated: 2026-07-16T12:59:05.050Z
No data.
No data.
OpenCVE Enrichment
No data.