CVE-2023-26434

Summary

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known.

Affected Software

VendorProductVersion RangeStatus
OX Software GmbHOX App Suite0 <= 7.10.6-rev39affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References