CVE-2023-26433

Summary

When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known.

Affected Software

VendorProductVersion RangeStatus
OX Software GmbHOX App Suite0 <= 7.10.6-rev39affected
OX Software GmbHOX App Suite0 <= 8.10affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References