CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-18180

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile16.90th
Published2019年12月5日
Last Modified2024年11月21日

Vulnerability Description

Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.

Affected Platforms (CPE)

📦
Otrs

Otrs

>= 5.0.0 and < 5.0.39
📦
Otrs

Otrs

>= 6.0.0 and < 6.0.24
📦
Otrs

Otrs

>= 7.0.0 and < 7.0.13

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
🔗 https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
🔗 https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html

相关漏洞威胁

CVE-2016-28519.8

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memor...

CVE-2015-88339.8

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr pl...

CVE-2016-58439.4

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket ...

CVE-2026-481889.1

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated S...