Vulnerability Description
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | James | < 3.6.1 |
References
- http://www.openwall.com/lists/oss-security/2022/01/04/2Mailing ListThird Party Advisory
- https://www.openwall.com/lists/oss-security/2022/01/04/2Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/01/04/2Mailing ListThird Party Advisory
- https://www.openwall.com/lists/oss-security/2022/01/04/2Mailing ListThird Party Advisory
FAQ
What is CVE-2021-40110?
CVE-2021-40110 is a vulnerability with a CVSS score of 7.5 (HIGH). In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James ...
How severe is CVE-2021-40110?
CVE-2021-40110 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40110?
Check the references section above for vendor advisories and patch information. Affected products include: Apache James.