CVE-2024-37358
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Apache James vulnerable to denial of service through the use of IMAP literals
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. See the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.james.protocols:protocols-imap | <3.7.6 | 3.7.6 |
| Maven | org.apache.james.protocols:protocols-imap | >=3.8.0,<3.8.2 | 3.8.2 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-37358
- https://github.com/apache/james-project/commit/6dd3ad9ea1f6a9bc887d2c7af3f5aa30a60ec769
- https://github.com/apache/james-project/commit/b2f3c06edfd37b409121bf04c56a6f026048a77e
- https://github.com/apache/james-project
- https://lists.apache.org/thread/1pxsh11v5s3fkvhnqvkmlqwt3fgpcrqc