Denial of Service Vulnerability in Znuny Email Parser
CVE-2024-48938

7.5HIGH

Key Information:

Vendor: Znuny
Status: Znuny
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-48938?

The vulnerability identified in versions of Znuny allows for Denial of Service attacks through email content parsing. Specifically, parsing HTML content copied from Microsoft Word can lead to significant CPU resource consumption, hindering the email processing capabilities of the system. This issue manifests in various versions ranging from LTS 6.5.1 to 6.5.10, and 7.0.1 to 7.0.16, posing a risk to users relying on Znuny's email functionality.

References

https://www.znuny.com

https://www.znuny.org/en/advisories

https://www.znuny.org/en/advisories/zsa-2024-04

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Oct 9, 2024

CVE-2024-48938 Data

JSON