CVE-2021-28994

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.

Published: Apr 1, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-28994
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
kopano / groupware_core	11.0.0	11.0.1.x
kopano / groupware_core	10.0.0	10.0.7.x
kopano / groupware_core	9.0.0	9.1.0.x
kopano / groupware_core	-	8.7.16.x
zarafa / zarafa	6.30.0	7.2.6.x

http://www.openwall.com/lists/oss-security/2021/04/01/1
http://www.openwall.com/lists/oss-security/2021/04/25/1
https://www.openwall.com/lists/oss-security/2021/03/19/6

Vulnerability Database

CVE-2021-28994