CVE-2021-40110

Опубликовано: 04 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.

Ссылки

http://www.openwall.com/lists/oss-security/2022/01/04/2
Mailing List
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/04/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/04/2
Mailing List
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/04/2
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*

Версия до 3.6.1 (исключая)

EPSS

Процентиль: 65%

0.00496

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-r58x-wjg8-63m9

github

около 4 лет назад

Denial of Service in Apache James