Home
MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LDefault status
unaffected
1.6.0 (semver) before 1.6.17
affected
1.7.0 (semver) before 1.7.2
affected
Description
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.
Problem types
CWE-770 Allocation of Resources Without Limits or Throttling
Product status
1.6.0 (semver) before 1.6.17
1.7.0 (semver) before 1.7.2
References
roundcube.net/...026/07/05/security-updates-1.6.17-and-1.7.2
github.com/roundcube/roundcubemail/releases/tag/1.7.2
github.com/...ommit/6d1004fd3764a9606c53130b322c0f295c38be64
github.com/roundcube/roundcubemail/releases/tag/1.6.17
github.com/...ommit/bf253c72d4293c93fda511b8464fe9cb34b522c1