{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "8.1.0" }, { "fixed": "8.1.10" }, { "introduced": "9.2.0" }, { "fixed": "9.2.6" }, { "introduced": "9.3.0" }, { "fixed": "9.3.2" }, { "introduced": "9.4.0" }, { "fixed": "9.4.3" } ] }, "events": [ { "introduced": "096c9ea12a2144f832e330e9a0f4d3862ca20b9f" }, { "fixed": "674f549daf0e74933845be0ae32827e498137b63" }, { "introduced": "b47be1c0f5787562ddf430dd5c5b8b3c35748b06" }, { "fixed": "19f009e1ffa28d86a7a03bbcb6fec6a27368c7cd" }, { "introduced": "7bf5dcb8fb7f05db9a7a6a9be608ac0fe1405351" }, { "fixed": "80fef13a80f3eb2061462de28a5cd7f18caf8986" }, { "introduced": "baa88a2450d49dfea42990861283b5ed9d469edf" }, { "fixed": "472c1cd4d06083afd93cd3c6a3f1dc7476875b79" } ], "repo": "https://github.com/mattermost/mattermost-server", "type": "GIT" } ] } ], "details": "Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.\n\n", "id": "CVE-2024-2446", "modified": "2026-03-13T21:55:05.770779648Z", "published": "2024-03-15T10:15:08.230Z", "references": [ { "type": "ADVISORY", "url": "https://mattermost.com/security-updates" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "type": "CVSS_V3" } ] }