CVE-2019-18180: Infinite Loop in Otrs

CWE-835: Infinite Loop | 4 documents | 4 sources
Severity: 7.5 HIGH (NVD)
EPSS: 1.3% (top 20.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 5
Latest update: May 24

Description

Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows a remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD | otrs/otrs | 5.0.0 | 5.0.39 | +2
debian | debian/otrs2 | < otrs2 6.0.24-1 (bullseye)

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-9g8p-x3jv-xwc5: Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e... | 2022-05-24
OSV | CVE-2019-18180: Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e... | 2019-12-05

📋 Vendor Advisories (1)

Debian | CVE-2019-18180: otrs2 - Improper Check for filenames with overly long extensions in PostMaster (sending ... | 2019