Denial of Service in Best Practical Request Tracker
CVE-2018-18898

7.5 HIGH

Key Information:

Vendor
CVE Published: 21 March 2019

What is CVE-2018-18898?

The email ingestion feature in Best Practical Request Tracker versions 4.1.13 through 4.4 is susceptible to a denial of service attack. Remote attackers can trigger it with an algorithmic complexity attack against the email address parsing step, which could render the affected system inoperable. Apply the appropriate patches and updates to mitigate this risk and keep the Request Tracker application available.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
