CVE-2016-6188

Published on: 02/03/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Certain versions of SOGo from Inverse contain the following vulnerability:

Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.

  • CVE-2016-6188 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.5 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

CVE References

  • 0003510: DOS through uploading large attachments - SOGo - BTS
    Tags: Issue Tracking, Vendor Advisory
    Link: CONFIRM sogo.nu/bugs/view.php?id=3510 (sogo.nu, text/html)

  • SOGo CVE-2016-6188 Denial of Service Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: BID 96007 (cve.report (archive), text/html)

  • (feat) attachment size upload using WOMaxUploadSize (fixes #3510 and … · inverse-inc/[email protected] · GitHub
    Tags: Issue Tracking, Patch
    Link: CONFIRM github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d (github.com, text/html)

  • oss-security - Re: CVE request: several SOGo issues (DOS, XSS, information leakage)
    Tags: Mailing List, Third Party Advisory
    Link: MLIST [oss-security] 20160709 Re: CVE request: several SOGo issues (DOS, XSS, information leakage) (www.openwall.com, text/html)

Known Affected Configurations (CPE V2.3)

  • Type: Application
  • Vendor: Inverse
  • Product: Sogo
  • Version: 2.3.7
  • Update: All
  • Edition: All
  • Language: All
  • CPE: cpe:2.3:a:inverse:sogo:2.3.7:*:*:*:*:*:*:*