CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*

History

17 Oct 2024, 19:49

Type Values Removed Values Added
CPE cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-1333
First Time Znuny
Znuny znuny
References () https://www.znuny.com - () https://www.znuny.com - Product
References () https://www.znuny.org/en/advisories - () https://www.znuny.org/en/advisories - Vendor Advisory
References () https://www.znuny.org/en/advisories/zsa-2024-04 - () https://www.znuny.org/en/advisories/zsa-2024-04 - Vendor Advisory

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Las versiones anteriores a LTS 6.5.1 a 6.5.10 y 7.0.1 a 7.0.16 de Znuny permiten ataques DoS/ReDos por correo electrónico. Analizar el contenido de correos electrónicos en los que se copia código HTML de Microsoft Word podría generar un alto uso de la CPU y bloquear el proceso de análisis.

11 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-11 21:15

Updated : 2024-10-17 19:49


NVD link : CVE-2024-48938

Mitre link : CVE-2024-48938

CVE.ORG link : CVE-2024-48938


JSON object : View

Products Affected

znuny

  • znuny
CWE
CWE-1333

Inefficient Regular Expression Complexity