PT-2022-11187 · Apache · Apache James

Benoit Tellier · Published 2022-01-04 · Updated 2022-01-12 · CVE-2021-40110

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.6.1
Description: A denial-of-service issue was identified in Apache James: an IMAP user can craft IMAP LIST commands that exploit a vulnerable regular expression, leading to a denial of service. This issue was discovered using the Jazzer fuzzer.
Recommendations: For versions prior to 3.6.1, upgrade to Apache James 3.6.1 or higher, which enforces the use of the RE2J regular expression engine so that regexes execute in linear time without backtracking.
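The mitigation named above is to run client-influenced regexes on an engine whose matching cost is linear in the input. The following Java class is an added example written for this page, not Apache James code: it translates an IMAP LIST mailbox pattern (RFC 3501 wildcards `*` and `%`) into a regex in which every other character is escaped as a literal, then compiles it with `com.google.re2j.Pattern`, whose API mirrors `java.util.regex`. The hierarchy delimiter `.`, the mailbox names and the patterns in `main` are constructed sample data.

```java
// Added example (not Apache James code): translating untrusted IMAP LIST
// patterns into a regex executed by RE2J, which matches in linear time and
// never backtracks.
import com.google.re2j.Pattern;

public final class ImapListMatcher {

    // Regex metacharacters that must be escaped when they appear literally
    // in a mailbox pattern (or as the hierarchy delimiter).
    private static final String META = "\\.[]{}()<>*+-=!?^$|";

    private final Pattern pattern;

    private ImapListMatcher(Pattern pattern) {
        this.pattern = pattern;
    }

    /**
     * Builds a matcher for an IMAP LIST mailbox pattern (RFC 3501, 6.3.8):
     * '*' matches any sequence of characters, '%' matches any sequence that
     * does not contain the hierarchy delimiter, everything else is literal.
     */
    public static ImapListMatcher forPattern(String listPattern, char delimiter) {
        StringBuilder regex = new StringBuilder("^");
        String anyButDelimiter = "[^" + escape(delimiter) + "]*";
        for (int i = 0; i < listPattern.length(); i++) {
            char c = listPattern.charAt(i);
            if (c == '*') {
                regex.append(".*");
            } else if (c == '%') {
                regex.append(anyButDelimiter);
            } else {
                regex.append(escape(c));
            }
        }
        regex.append('$');
        // RE2J rejects backreferences and lookaround at compile time and runs
        // everything else in time proportional to the input length, so the
        // shape of the client-supplied pattern cannot stall the server thread.
        return new ImapListMatcher(Pattern.compile(regex.toString()));
    }

    private static String escape(char c) {
        return META.indexOf(c) >= 0 ? "\\" + c : String.valueOf(c);
    }

    public boolean matches(String mailboxName) {
        return pattern.matcher(mailboxName).matches();
    }

    public static void main(String[] args) {
        // Constructed sample mailbox names; '.' is the assumed hierarchy delimiter.
        String[] mailboxes = {"INBOX", "INBOX.Sent", "INBOX.Sent.2021", "Archive.2021"};
        ImapListMatcher oneLevel = ImapListMatcher.forPattern("INBOX.%", '.');
        ImapListMatcher anyDepth = ImapListMatcher.forPattern("INBOX.*", '.');
        for (String name : mailboxes) {
            System.out.printf("%-16s INBOX.%%=%-5b INBOX.*=%-5b%n",
                    name, oneLevel.matches(name), anyDepth.matches(name));
        }
        // A long, repetitive pattern of the kind a client is free to send:
        // with RE2J the cost stays linear in the mailbox name length.
        ImapListMatcher repetitive = ImapListMatcher.forPattern("*".repeat(50) + "x", '.');
        System.out.println("repetitive pattern matched INBOX.Sent: " + repetitive.matches("INBOX.Sent"));
    }
}
```

Two design points carry the security value: the translation step escapes every non-wildcard character, so a client cannot smuggle regex syntax through the LIST argument, and the compiled pattern runs on RE2J rather than `java.util.regex`, so even a pattern whose structure would cause catastrophic backtracking on a backtracking engine completes in linear time. If the code base also contains hand-written patterns with backreferences or lookaround, RE2J will reject them at compile time; those need rewriting before the swap.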

Fix


Related Identifiers

CVE-2021-40110
GHSA-R58X-WJG8-63M9

Affected Products

Apache James