UBUNTU-CVE-2024-48938

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-48938

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-48938.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-48938

Related

CVE-2024-48938

Published

2024-10-11T21:15:00Z

Modified

2025-06-02T17:29:44Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

References

Affected packages

Ubuntu:24.10 / znuny

Package

Name: znuny
Purl: pkg:deb/ubuntu/znuny@6.5.10-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.6-1

6.5.8-1

6.5.9-1

6.5.10-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / znuny

Package

Name: znuny
Purl: pkg:deb/ubuntu/znuny@6.5.6-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.3-1

6.5.4-1

6.5.5-1

6.5.6-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / znuny

Package

Name: znuny
Purl: pkg:deb/ubuntu/znuny@6.5.14-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.14-1

Affected versions

6.*

6.5.10-1

6.5.11-1

6.5.13-1

6.5.13-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "6.5.14-1",
            "binary_name": "otrs2"
        },
        {
            "binary_version": "6.5.14-1",
            "binary_name": "znuny"
        }
    ],
    "availability": "No subscription required"
}