CVE-2024-48938

Published: Oct 11, 2024Modified: Mar 14, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

Affected (3)

Products: Znuny: Znuny

Znuny

1 product

Znuny

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Znuny Znuny	From 7.0.1 to 7.0.16
Znuny Znuny	From 6.0.0 to 6.1.0
Znuny Znuny	From 6.5.1 to 6.5.10

Related CWEs

CWE-1333

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (3)

https://www.znuny.com

Source: cve@mitre.org

Product

https://www.znuny.org/en/advisories

Source: cve@mitre.org

Vendor Advisory

https://www.znuny.org/en/advisories/zsa-2024-04

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.