CVE-2021-36093 — Incorrect Regular Expression in AG Community Edition

CWE-185 — Incorrect Regular Expression4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 35.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs Otrs AG Otrs

Timeline

PublishedSep 6

Latest updateMay 24

Description

It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶NVDotrs/otrs7.0.0 — 7.0.29+2

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.28+1

🔴Vulnerability Details

GHSA

GHSA-p8h5-xqwr-ww86: It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS↗2022-05-24

▶

OSV

CVE-2021-36093: It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS↗2021-09-06

▶

CVEList

DoS attack using PostMaster filters↗2021-09-06

▶