Description
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
Problem types
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Product status
1.6.0 (semver) before 1.6.17
1.7.0 (semver) before 1.7.2
References
roundcube.net/...026/07/05/security-updates-1.6.17-and-1.7.2
github.com/roundcube/roundcubemail/releases/tag/1.7.2
github.com/...ommit/877269c79359d959a94f13c9070cab0f3389c193
github.com/...ommit/fb952956c6eaf29e963f1a718d028d66e7957ce0
github.com/roundcube/roundcubemail/releases/tag/1.6.17
github.com/...ommit/a007321346380136b3de2bd75b486b04f63c0d38
github.com/...ommit/132ac8dd5a55c8466be12de1daf84355697ffa89