CVE-2022-21688: CWE-125: Out-of-bounds Read in onionshare onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing. Roughly 20 bytes lead to 2GB memory consumption and this can be triggered multiple times. To be abused, this vulnerability requires rendering in the history tab, so some user interaction is required. An adversary with knowledge of the Onion service address in public mode or with authentication in private mode can perform a Denial of Service attack, which quickly results in out-of-memory for the server. This requires the desktop application with rendered history, therefore the impact is only elevated. This issue has been patched in version 2.5.
AI Analysis
Technical Summary
CVE-2022-21688 is a vulnerability identified in OnionShare, an open-source desktop application that enables secure and anonymous file sharing, website hosting, and chat over the Tor network. The vulnerability is classified as CWE-125, an out-of-bounds read, specifically triggered during the parsing of images within the QT framework used by the application. The flaw allows an attacker to cause excessive memory consumption (approximately 2GB per trigger) by supplying roughly 20 bytes of crafted data that is processed when rendering the history tab in the OnionShare desktop client. This memory exhaustion can be triggered multiple times, leading to a denial of service (DoS) condition where the application becomes unresponsive or crashes due to out-of-memory errors. Exploitation requires some user interaction, specifically the rendering of the history tab, and access to the Onion service address. In public mode, the attacker needs knowledge of the Onion service address, while in private mode, authentication is required. The vulnerability affects versions of OnionShare prior to 2.5 and has been patched in version 2.5. There are no known exploits in the wild at the time of reporting. The impact is primarily a denial of service affecting availability rather than confidentiality or integrity. The scope is limited to the desktop application with rendered history, and exploitation requires user interaction and some level of access to the service address, which limits the attack surface somewhat.
Potential Impact
For European organizations using OnionShare versions prior to 2.5, this vulnerability could result in denial of service conditions that disrupt secure file sharing, anonymous communications, or hosting of services over Tor. This could impact organizations relying on OnionShare for privacy-sensitive communications, including journalists, activists, NGOs, or enterprises handling sensitive data. The DoS could degrade operational availability, potentially interrupting critical workflows or communications. While the vulnerability does not directly compromise confidentiality or integrity, the loss of availability in privacy-focused tools can indirectly affect organizational security posture and trust. Given the requirement for user interaction and knowledge of service addresses, the risk is elevated but not trivial. Organizations with high reliance on OnionShare for secure communications may face operational disruptions, especially if they have not updated to the patched version. The impact is more pronounced in environments where OnionShare is integrated into broader privacy or anonymity workflows, as denial of service could force fallback to less secure alternatives or cause delays in sensitive communications.
Mitigation Recommendations
Organizations should immediately verify the version of OnionShare deployed and upgrade to version 2.5 or later, where this vulnerability is patched. Beyond patching, administrators should restrict access to OnionShare service addresses, especially in private mode, to trusted users only, minimizing the risk of unauthorized triggering of the vulnerability. Monitoring and limiting user interaction with the history tab or disabling history rendering where feasible can reduce exposure. Network-level controls such as firewall rules or Tor configuration adjustments can limit access to OnionShare services to known clients. Additionally, organizations should implement resource monitoring on hosts running OnionShare to detect abnormal memory consumption indicative of exploitation attempts. Incident response plans should include procedures for rapid recovery from DoS conditions affecting OnionShare services. Finally, educating users about the risks of interacting with untrusted OnionShare links or services can reduce inadvertent triggering of the vulnerability.
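The resource-monitoring recommendation above can be made concrete with a small watcher that samples a process's resident set size and flags sudden jumps. The following is an added example written for this page; it is not OnionShare code. It assumes a Linux host with /proc available, and the alert threshold is chosen from the advisory's own figure (roughly 2GB per trigger). The `SAMPLE_RSS_MB` series is constructed to show what repeated triggers look like to the detector.

```python
"""Memory-growth watch for a desktop process (added example, not OnionShare code)."""
import sys
import time

# Assumption: alert when RSS grows by more than this between two consecutive
# samples. The advisory cites ~2GB per trigger, so 1024 MiB catches a single
# trigger with margin while ignoring ordinary allocation churn.
SPIKE_MB = 1024
POLL_INTERVAL_S = 5.0

# Constructed RSS readings (MiB) for demonstration: two spikes separated by a
# recovery, the "can be triggered multiple times" pattern from the description.
SAMPLE_RSS_MB = [150, 152, 151, 2250, 2260, 190, 2300]


def read_rss_mb(pid: int) -> float:
    """Resident set size of `pid` in MiB, read from /proc/<pid>/status (Linux only)."""
    with open(f"/proc/{pid}/status", encoding="utf-8") as status:
        for line in status:
            if line.startswith("VmRSS:"):
                return int(line.split()[1]) / 1024  # /proc reports kB
    raise RuntimeError(f"VmRSS not found for pid {pid}")


def detect_spikes(samples_mb, spike_mb: float = SPIKE_MB):
    """Return the indices in `samples_mb` where RSS jumped by more than `spike_mb`
    relative to the previous sample. Each index is one suspected trigger."""
    hits = []
    for i in range(1, len(samples_mb)):
        if samples_mb[i] - samples_mb[i - 1] > spike_mb:
            hits.append(i)
    return hits


def watch(pid: int, interval_s: float = POLL_INTERVAL_S, spike_mb: float = SPIKE_MB):
    """Poll `pid` forever and print an alert line whenever a spike is detected."""
    previous = read_rss_mb(pid)
    while True:
        time.sleep(interval_s)
        current = read_rss_mb(pid)
        if detect_spikes([previous, current], spike_mb):
            print(f"ALERT pid={pid} rss_mb={current:.0f} "
                  f"jump_mb={current - previous:.0f} at {time.strftime('%H:%M:%S')}")
        previous = current


if __name__ == "__main__":
    if len(sys.argv) == 2:
        watch(int(sys.argv[1]))  # usage: python watch_rss.py <pid>
    else:
        # Offline demonstration on the constructed series: indices 3 and 6.
        print("spikes at sample indices:", detect_spikes(SAMPLE_RSS_MB))
```

Feeding the alert lines into whatever log pipeline the host already has is enough to correlate a memory spike with the history tab being open; a spike that repeats after the process recovers is the signal worth paging on, since a single large allocation can also be legitimate.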
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2021-11-16T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9842c4522896dcbf22c4
Added to database: 5/21/2025, 9:09:22 AM
Last enriched: 6/23/2025, 6:18:04 PM
Last updated: 7/25/2025, 10:11:35 PM
Views: 10
Related Threats
- CVE-2025-25231: Vulnerability in Omnissa Omnissa Workspace ONE UEM (High)
- CVE-2025-53187: CWE-94 Improper Control of Generation of Code ('Code Injection') in ABB ASPECT (High)
- CVE-2025-54063: CWE-94: Improper Control of Generation of Code ('Code Injection') in CherryHQ cherry-studio (High)
- CVE-2025-1500: CWE-434 Unrestricted Upload of File with Dangerous Type in IBM Maximo Application Suite (Medium)
- CVE-2025-1403: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK (High)