CVE-2021-28994

Published: Mar 31, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.

Affected (5)

Products: Kopano: Groupware Core · Zarafa: Zarafa

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Kopano Groupware Core	Up to 8.7.16
Kopano Groupware Core	From 10.0.0 to 10.0.7
Kopano Groupware Core	From 11.0.0 to 11.0.1
Kopano Groupware Core	From 9.0.0 to 9.1.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Zarafa Zarafa	From 6.30.0 to 7.2.6

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (6)

http://www.openwall.com/lists/oss-security/2021/04/01/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/04/25/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.openwall.com/lists/oss-security/2021/03/19/6

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/04/01/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/04/25/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.openwall.com/lists/oss-security/2021/03/19/6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.