CVE-2008-7280 — Improper Input Validation in Otrs

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.2.7-1 (bullseye)

▶NVDotrs/otrs2.2.6+42

Patches

Patch: bugs.otrs.org ↗Patch: bugs.otrs.org ↗

🔴Vulnerability Details

GHSA

GHSA-hccp-3jmw-j79m: Kernel/System/EmailParser↗2022-05-17

▶

OSV

CVE-2008-7280: Kernel/System/EmailParser↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2008-7280: otrs2 - Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System ...↗2008

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶