Memory Leak Vulnerability in SOGo Email Groupware by Inverse Inc.
CVE-2016-6188

6.5MEDIUM

Key Information:

Vendor

Alinto

Status
Sogo
Vendor
CVE Published:
3 February 2017

What is CVE-2016-6188?

A memory leak vulnerability in SOGo version 2.3.7 allows remote attackers to exploit the system by initiating a high volume of attachment upload attempts. This action can lead to significant memory consumption, ultimately resulting in a denial of service as the system becomes unresponsive due to resource exhaustion. The issue is linked to the handling of temporary files during the upload process, posing a risk for denying access to legitimate users.

References

https://sogo.nu/bugs/view.php?id=3510
x_refsource_CONFIRM
https://github.com/inverse-inc/sogo/commit/32bb1456e23a32...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/07/09/3
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.