Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sogo | Alinto | 2.3.7 (including) | 2.3.7 (including) |
| Sogo | Ubuntu | artful | * |
| Sogo | Ubuntu | esm-apps/xenial | * |
| Sogo | Ubuntu | wily | * |
| Sogo | Ubuntu | xenial | * |
| Sogo | Ubuntu | yakkety | * |
| Sogo | Ubuntu | zesty | * |
References
- http://www.openwall.com/lists/oss-security/2016/07/09/3
- http://www.securityfocus.com/bid/96007
- https://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d
- https://sogo.nu/bugs/view.php?id=3510
- http://www.openwall.com/lists/oss-security/2016/07/09/3
- http://www.securityfocus.com/bid/96007
- https://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d
- https://sogo.nu/bugs/view.php?id=3510