
CVE-2022-27897 : Vulnerability Insights and Analysis

CVE-2022-27897 affects Palantir Gotham versions before 3.22.11.2, which included an unauthenticated endpoint that loaded portions of maliciously crafted zip files into memory; repeated uploads could exhaust memory on the dispatch server.

Understanding CVE-2022-27897

This CVE describes a vulnerability in Palantir Gotham versions before 3.22.11.2 in which an unauthenticated endpoint loaded portions of maliciously crafted zip files into memory.

What is CVE-2022-27897?

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that loaded portions of maliciously crafted zip files into memory. Because no authentication was required, anyone who could reach the endpoint could repeatedly upload such a file and exhaust memory resources on the dispatch server.

The Impact of CVE-2022-27897

The vulnerability allows an unauthenticated attacker to exhaust memory resources on the Palantir Gotham dispatch server, leading to a denial of service (DoS). The advisory describes no impact on confidentiality or integrity; the issue is availability.

Technical Details of CVE-2022-27897

Vulnerability Description

The unauthenticated endpoint in Palantir Gotham versions before 3.22.11.2 loaded portions of each uploaded zip file into memory without sufficient bounds. An attacker could exploit this by repeatedly uploading maliciously crafted zip files, exhausting memory on the dispatch server.

Affected Systems and Versions

Vendor: Palantir
Product: Gotham
Affected Versions: Prior to 3.22.11.2

Exploitation Mechanism

An attacker repeatedly uploads a maliciously crafted zip file to the unauthenticated endpoint. Each upload causes the server to load portions of the archive into memory, and repeating the upload exhausts memory on the dispatch server. No credentials are needed, so exposure is determined by who can reach the endpoint over the network.
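The advisory does not describe the endpoint's code, so the following is an added example (not Palantir's code) of the general pattern behind this class of bug: an upload handler that trusts whatever an untrusted zip archive declares, beside a hardened handler that bounds the raw upload size, the entry count, the declared expansion and the compression ratio before decompressing anything, and then streams entries in fixed-size chunks. The limits, the handler names and the constructed sample archives are assumptions for illustration.

```python
"""Unbounded vs. bounded handling of an untrusted zip upload (added example)."""
import io
import zipfile

# Assumed limits for illustration; tune to the service's real needs.
MAX_UPLOAD_BYTES = 1 * 1024 * 1024         # cap on the raw archive as received
MAX_ENTRIES = 100                          # cap on central-directory entries
MAX_TOTAL_UNCOMPRESSED = 10 * 1024 * 1024  # cap on declared expanded size
MAX_RATIO = 50                             # cap on uncompressed / compressed per entry
CHUNK = 64 * 1024                          # streaming read size


class RejectedUpload(Exception):
    """Raised by the hardened handler with a short reason string."""


def vulnerable_handler(data: bytes) -> int:
    """Unbounded pattern: parses every entry and materialises each one whole.

    A small archive that declares a huge expanded size (or many entries) makes
    this allocate as much memory as the attacker asks for, on every upload.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            total += len(zf.read(name))  # allocates the full entry in memory
    return total


def hardened_handler(data: bytes) -> int:
    """Bounded pattern: rejects on declared metadata, then streams in chunks."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise RejectedUpload("archive too large")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise RejectedUpload("not a valid zip") from exc
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            raise RejectedUpload("too many entries")
        declared_total = 0
        for info in infos:
            compressed = max(info.compress_size, 1)
            if info.file_size / compressed > MAX_RATIO:
                raise RejectedUpload("expansion ratio exceeds limit")
            declared_total += info.file_size
            if declared_total > MAX_TOTAL_UNCOMPRESSED:
                raise RejectedUpload("declared size exceeds limit")
        # Only now touch entry data: fixed-size chunks, never a whole entry at
        # once, and the running total is re-checked as bytes actually arrive.
        consumed = 0
        for info in infos:
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(CHUNK)
                    if not chunk:
                        break
                    consumed += len(chunk)
                    if consumed > MAX_TOTAL_UNCOMPRESSED:
                        raise RejectedUpload("archive expanded beyond limit")
        return consumed


def reject_reason(data: bytes):
    """Convenience wrapper: None if accepted, else the rejection reason."""
    try:
        hardened_handler(data)
    except RejectedUpload as exc:
        return str(exc)
    return None


def make_zip(entries) -> bytes:
    """Build a constructed test archive from (name, payload) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries:
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample inputs (not real captures).
BENIGN_ZIP = make_zip([("readme.txt", b"hello"), ("data.csv", b"a,b\n1,2\n")])
# 2 MiB of zeros deflates to a few KiB: a tiny upload with a large expansion.
BOMB_ZIP = make_zip([("zeros.bin", b"\0" * (2 * 1024 * 1024))])
MANY_ENTRIES_ZIP = make_zip([(f"f{i}.txt", b"x") for i in range(MAX_ENTRIES + 1)])
TRUNCATED_ZIP = BENIGN_ZIP[:20]  # cut off before the end-of-central-directory

if __name__ == "__main__":
    print("benign accepted, bytes:", hardened_handler(BENIGN_ZIP))
    print("vulnerable handler expands bomb to:", vulnerable_handler(BOMB_ZIP))
    for label, sample in [("bomb", BOMB_ZIP), ("many", MANY_ENTRIES_ZIP), ("trunc", TRUNCATED_ZIP)]:
        print(label, "->", reject_reason(sample))
```

The ordering matters: every check in the hardened handler runs against the central directory before any entry is inflated, so a rejected upload costs the server only the bounded read of the raw archive. Requiring authentication on the endpoint is a separate control and reduces who can reach this code at all, but it does not replace the bounds.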

Mitigation and Prevention

Immediate Steps to Take

Upgrade Palantir Gotham to version 3.22.11.2 or later. Until the upgrade is applied, limit which networks can reach the Gotham dispatch server, since the vulnerable endpoint requires no authentication.

Long-Term Security Practices

Keep Gotham and its dependencies on a supported, patched release. Because the attack relies on repeated uploads from an unauthenticated client, monitoring request volume to upload endpoints and memory usage on the dispatch server gives early warning of exploitation attempts.

Patching and Updates

Palantir has released version 3.22.11.2, which addresses this vulnerability. The advisory does not detail the change; verify after upgrading that the dispatch server no longer accepts zip uploads on an unauthenticated path.
