CVE-2024-48938

HIGH

Znuny < 6.1.0 - Denial of Service

Title source: rule

Description

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

References (3)

[Product] https://www.znuny.com

[Vendor Advisory] https://www.znuny.org/en/advisories

[Vendor Advisory] https://www.znuny.org/en/advisories/zsa-2024-04

Scores

CVSS v3 7.5

EPSS 0.0070

EPSS Percentile 72.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (2)

znuny/znuny 6.0.0 - 6.1.0

znuny/znuny 7.0.1 - 7.0.16

Published Oct 11, 2024

Tracked Since Feb 18, 2026