oss-sec mailing list archives
Re: kopano-core 11.0.1: Remote DoS by memory exhaustion
From: Jan Engelhardt <jengelh () inai de>
Date: Thu, 1 Apr 2021 01:20:24 +0200 (CEST)
On Friday 2021-03-19 13:44, Jan Engelhardt wrote:
> Initial publication, no CVE number yet (will request). […] The "kopano-ical" program implements a network service/trivial HTTP server. It imposes no length restrictions on HTTP headers, which can be exploited to memory-exhaust the process and have it terminate.
This was assigned CVE-2021-28994.
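The missing control named in the quoted advisory is a length restriction on HTTP headers. The following is an added example of a bounded header reader, not part of the original message and not kopano-core code; the function name, status enum and limit values are assumptions chosen for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Illustrative caps (assumptions, not values taken from kopano-core).
constexpr std::size_t MAX_LINE = 8192;    // bytes per header line, CR included
constexpr std::size_t MAX_TOTAL = 65536;  // bytes buffered for the whole header block
constexpr std::size_t MAX_FIELDS = 100;   // number of header lines

enum class HdrStatus { ok, line_too_long, block_too_large, too_many_fields, truncated };

// Reads header lines up to the empty line that ends the block and refuses to
// buffer past the caps. On any non-ok status the caller answers 431 or 400
// and closes the connection instead of continuing to read.
HdrStatus read_headers(std::istream &in, std::vector<std::string> &out)
{
	std::size_t total = 0;
	std::string line;
	for (;;) {
		line.clear();
		int c;
		// Byte-wise read: the cap is checked before the buffer grows,
		// unlike std::getline, which keeps allocating until it sees '\n'.
		while ((c = in.get()) != std::istream::traits_type::eof() && c != '\n') {
			if (line.size() >= MAX_LINE)
				return HdrStatus::line_too_long;
			if (++total > MAX_TOTAL)
				return HdrStatus::block_too_large;
			line.push_back(static_cast<char>(c));
		}
		if (c == std::istream::traits_type::eof())
			return HdrStatus::truncated;  // peer stopped before the blank line
		if (!line.empty() && line.back() == '\r')
			line.pop_back();
		if (line.empty())
			return HdrStatus::ok;         // blank line: end of header block
		if (out.size() >= MAX_FIELDS)
			return HdrStatus::too_many_fields;
		out.push_back(line);
	}
}

int main()
{
	std::istringstream in("Host: example\r\nAccept: */*\r\n\r\n");  // constructed sample
	std::vector<std::string> h;
	std::cout << (read_headers(in, h) == HdrStatus::ok ? "ok" : "rejected") << "\n";
}
```

On a real socket the same caps should be paired with a read timeout, since a peer that sends slowly can otherwise hold the connection open without ever reaching a limit.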