CVE-2024-48938 — Regex Denial of Service in Znuny

CWE-1333 — Regex Denial of Service9 documents4 sources

Severity

7.5HIGHNVD

OSV5.5

EPSS

0.7%

top 28.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Znuny Linux Kernel Debian Znuny

Timeline

PublishedOct 11

Latest updateJan 6

Description

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDznuny/znuny6.0.0 — 6.1.0+2

▶debiandebian/znuny< znuny 6.5.11-1 (forky)

▶Debianznuny/znuny< 6.5.11-1+1

▶Ubuntulinux/linux_kernel< 5.4.0-202.222

🔴Vulnerability Details

OSV

linux-raspi-5.4 vulnerabilities↗2025-01-06

▶

OSV

linux-iot vulnerabilities↗2024-12-20

▶

OSV

linux-aws, linux-aws-5.4 vulnerabilities↗2024-12-17

▶

OSV

linux-bluefield, linux-oracle, linux-oracle-5.4 vulnerabilities↗2024-12-17

▶

OSV

linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabilities↗2024-12-12

▶

📋Vendor Advisories

Debian

CVE-2024-48938: znuny - Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos ...↗2024

▶