CVE-2025-71377 PUBLISHED

stoatchat before 20250210-1 Unrestricted Message History Fetch

Assigner: VulnCheck
Reserved: 20.06.2026 Published: 16.07.2026 Updated: 16.07.2026

stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor stoatchat
Product stoatchat
Versions Default: unaffected
  • affected from 0 to 20250210-1 (0.8.2) (excl.)
  • Version 20250210-1 (0.8.2) is unaffected

References

Problem Types

  • Comparison Using Wrong Factors CWE