CVE-2023-41707 — Uncontrolled Resource Consumption in Gmbh OX APP Suite

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 55.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite Open-xchange Gmbh OX APP Suite

Timeline

PublishedFeb 12

Description

Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDopen-xchange/open-xchange_appsuite< 7.6.3+4

▶CVEListV5open-xchange_gmbh/ox_app_suite7.10.6-rev55+2

🔴Vulnerability Details

GHSA

GHSA-f39x-gx7x-wwfj: Processing of user-defined mail search expressions is not limited↗2024-02-12

▶

CVEList

CVE-2023-41707: Processing of user-defined mail search expressions is not limited↗2024-02-12

▶