CVE-2023-26432

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jun 20, 2023

Updated: Jan 12, 2024

CWE ID 400

Summary

CVE-2023-26432 is a vulnerability in which processing of SMTP "capabilities" responses during the addition of an external mail account is not size-limited. An attacker operating a rogue SMTP server can exploit this by sending responses of excessive size, leading to resource exhaustion and potential service unavailability. The vulnerability does not currently have any publicly available exploits, but affected systems have been updated to limit accepted SMTP server responses to reasonable sizes to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Open-xchange Appsuite Backend

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rthI5z
https://www.cve.org/CVERecord?id=CVE-2023-26432
https://nvd.nist.gov/vuln/detail/CVE-2023-26432

Back to Vulnerability Database

CVE-2023-26432

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations