CVE-2022-39052 — Infinite Loop in AG Community Edition

CWE-835 — Infinite Loop4 documents4 sources

Severity

6.5MEDIUMNVD

CNA7.5

EPSS

0.1%

top 69.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs Otrs AG Otrs

Timeline

PublishedOct 17

Description

An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDotrs/otrs7.0.0 — 7.0.39+2

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.39+1

🔴Vulnerability Details

CVEList

DoS attack using email↗2022-10-17

▶

GHSA

GHSA-q249-c8f4-3h57: An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system↗2022-10-17

▶

OSV

CVE-2022-39052: An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system↗2022-10-17

▶