CVE-2023-41705 — Uncontrolled Resource Consumption in Gmbh OX APP Suite

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 55.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite Open-xchange Gmbh OX APP Suite

Timeline

PublishedFeb 12

Description

Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDopen-xchange/open-xchange_appsuite< 7.6.3+4

▶CVEListV5open-xchange_gmbh/ox_app_suite7.10.6-rev55+2

🔴Vulnerability Details

CVEList

CVE-2023-41705: Processing of user-defined DAV user-agent strings is not limited↗2024-02-12

▶

GHSA

GHSA-982m-cqw9-rvqf: Processing of user-defined DAV user-agent strings is not limited↗2024-02-12

▶