CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.znuny.com	Product
https://www.znuny.org/en/advisories	Vendor Advisory
https://www.znuny.org/en/advisories/zsa-2024-04	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:znuny:znuny:::::lts:::*
	cpe:2.3:a:znuny:znuny:::::lts:::*
	cpe:2.3:a:znuny:znuny:::::-:::*

History

No history.

Information

Published : 2024-10-11 21:15

Updated : 2025-03-14 14:15

NVD link : CVE-2024-48938

Mitre link : CVE-2024-48938

CVE.ORG link : CVE-2024-48938

JSON object : View

Products Affected

znuny

znuny

CWE

CWE-1333

Inefficient Regular Expression Complexity

{"id": "CVE-2024-48938", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-10-11T21:15:07.387", "references": [{"url": "https://www.znuny.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.znuny.org/en/advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.znuny.org/en/advisories/zsa-2024-04", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1333"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1333"}]}], "descriptions": [{"lang": "en", "value": "Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process."}, {"lang": "es", "value": "Las versiones anteriores a LTS 6.5.1 a 6.5.10 y 7.0.1 a 7.0.16 de Znuny permiten ataques DoS/ReDos por correo electr\u00f3nico. Analizar el contenido de correos electr\u00f3nicos en los que se copia c\u00f3digo HTML de Microsoft Word podr\u00eda generar un alto uso de la CPU y bloquear el proceso de an\u00e1lisis."}], "lastModified": "2025-03-14T14:15:16.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "781BBE9F-BF47-415B-B7A6-7B94D7C4E2EE", "versionEndExcluding": "6.1.0", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "068CA6EF-DC75-4086-A673-6FF714D76AB3", "versionEndIncluding": "6.5.10", "versionStartIncluding": "6.5.1"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "773D66F5-535A-4EF9-A078-078B77470959", "versionEndIncluding": "7.0.16", "versionStartIncluding": "7.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}