CVE-2023-29046
02.11.2023, 14:15
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.Enginsight
| Vendor | Product | Version |
|---|---|---|
| open-xchange | open-xchange_appsuite | 𝑥 < 7.10.6 |
| open-xchange | open-xchange_appsuite | 7.10.6 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6069 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6073 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6080 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6085 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6093 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6102 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6112 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6121 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6133 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6138 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6141 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6146 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6147 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6148 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6150 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6156 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6161 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6166 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6173 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6176 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6178 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6189 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6194 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6199 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6204 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6205 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6209 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6210 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6214 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6215 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6216 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6218 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6219 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6220 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6227 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6230 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6233 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6235 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6236 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6239 |
| open-xchange | open-xchange_appsuite | 7.10.6:patch_release_6241 |
𝑥
= Vulnerable software versions
References