CVE-2024-37358

Summary

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations

Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache James server0 <= 3.7.5affected
Apache Software FoundationApache James server3.8.0 <= 3.8.1affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References