CVE-2010-4767

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2010-4767
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-4767.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2010-4767
Published
2011-03-18T16:55:01Z
Modified
2024-06-30T12:29:57.655129Z
Summary
[none]
Details

Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.

References

Affected packages

Debian:11 / otrs2

Package

Name
otrs2
Purl
pkg:deb/debian/otrs2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.5-1

Affected versions

2.*

2.0.4p01-6
2.0.4p01-7
2.0.4p01-8
2.0.4p01-9
2.0.4p01-10
2.0.4p01-11
2.0.4p01-12
2.0.4p01-13
2.0.4p01-14
2.0.4p01-14.1
2.0.4p01-15
2.0.4p01-16
2.0.4p01-17
2.0.4p01-18
2.0.99beta1-1
2.0.99beta1-2
2.1.1-1
2.1.3-1
2.1.4-1
2.1.4-2
2.1.5-1
2.1.5-2
2.1.5-3
2.1.6-1
2.1.7-1
2.1.7-2
2.2.0~beta2-1
2.2.0~beta3-1
2.2.1-1
2.2.2-1
2.2.3-1
2.2.4-1
2.2.5-1
2.2.5-2
2.2.6-1
2.2.7-1
2.2.7-2
2.2.7-2lenny1
2.2.7-2lenny2
2.2.7-2lenny3
2.2.7-3
2.3.2-1
2.3.2-2
2.3.3-1
2.3.4-1
2.3.4-2
2.3.4-3
2.3.4-4
2.3.4-5
2.3.4-6
2.3.4-7

Ecosystem specific

{
    "urgency": "low"
}