CVE-2024-48938: Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDoS via email. Parsing the content of emails where HTML code is copied...

Description

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDoS via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

Classification

CVE ID: CVE-2024-48938

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.25% (probability of being exploited)

EPSS Percentile: 45.93% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-12 (date on which this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-48938
https://www.znuny.com
https://www.znuny.org/en/advisories
https://www.znuny.org/en/advisories/zsa-2024-04

Timeline