CVE-2024-48938

Name of the Vulnerable Software and Affected Versions Znuny versions prior to 6.5.1 through 6.5.10 Znuny versions 7.0.1 through 7.0.16

Description The issue allows for Denial of Service (DoS) or Regular Expression Denial of Service (ReDos) attacks via email. This occurs when parsing the content of emails that contain HTML code copied from Microsoft Word, leading to high CPU usage and potentially blocking the parsing process.

Recommendations For Znuny versions prior to 6.5.1 through 6.5.10, update to version 6.5.1 or later to resolve the issue. For Znuny versions 7.0.1 through 7.0.16, update to a version later than 7.0.16 to resolve the issue. As a temporary workaround, consider restricting the parsing of emails with HTML content from Microsoft Word to minimize the risk of exploitation.