Back to CVE Browser

CVE-2019-18180

MEDIUM

5.3

CVSS Severity Score

EPSS Score0.0810%

EPSS Percentile16.90th

PublishedDec 5, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.

Affected Platforms (CPE)

📦

Otrs

Otrs

>= 5.0.0 and < 5.0.39

📦

Otrs

Otrs

>= 6.0.0 and < 6.0.24

📦

Otrs

Otrs

>= 7.0.0 and < 7.0.13

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

🔗 https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/

🔗 https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

Related Vulnerabilities

CVE-2016-28519.8

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memor...

CVE-2015-88339.8

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr pl...

CVE-2016-58439.4

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket ...

CVE-2026-481889.1

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated S...