CVE-2023-41706

Summary

Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.

Affected Software

VendorProductVersion RangeStatus
Open-Xchange GmbHOX App Suite0 <= 7.10.6-rev55affected
Open-Xchange GmbHOX App Suite0 <= 7.6.3-rev71affected
Open-Xchange GmbHOX App Suite0 <= 8.19affected

Weaknesses

  • CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References