CVE-2023-29046
Summary
| CVE | CVE-2023-29046 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-11-02 14:15:00 UTC |
| Updated | 2024-01-12 07:15:00 UTC |
| Description | Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Open-xchange | Open-xchange Appsuite | All | All | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | - | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6069 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6073 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6080 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6085 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6093 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6102 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6112 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6121 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6133 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6138 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6141 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6146 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6147 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6148 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6150 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6156 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6161 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6166 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6173 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6176 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6178 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6189 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6194 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6199 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6204 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6205 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6209 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6210 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6214 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6215 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6216 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6218 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6219 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6220 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6227 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6230 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6233 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6235 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6236 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6239 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6241 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0004.json | MISC | documentation.open-xchange.com | |
| documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json | documentation.open-xchange.com | ||
| software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.... | MISC | software.open-xchange.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.