CVE-2023-24604

Source
https://cve.org/CVERecord?id=CVE-2023-24604
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24604.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-24604
Published
2023-05-29T00:00:00Z
Modified
2026-07-15T02:08:04.658241152Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/24xxx/CVE-2023-24604.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/open-xchange/appsuite-frontend

Affected ranges

Type
GIT
Repo
https://github.com/open-xchange/appsuite-frontend
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Last affected
Database specific
{
    "cpe": [
        "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev35:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev36:*:*:*:*:*:*",
        "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev37:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.10.6"
        },
        {
            "introduced": "7.10.6-NA"
        },
        {
            "last_affected": "7.10.6-NA"
        },
        {
            "introduced": "7.10.6-rev10"
        },
        {
            "last_affected": "7.10.6-rev10"
        },
        {
            "introduced": "7.10.6-rev11"
        },
        {
            "last_affected": "7.10.6-rev11"
        },
        {
            "introduced": "7.10.6-rev12"
        },
        {
            "last_affected": "7.10.6-rev12"
        },
        {
            "introduced": "7.10.6-rev13"
        },
        {
            "last_affected": "7.10.6-rev13"
        },
        {
            "introduced": "7.10.6-rev14"
        },
        {
            "last_affected": "7.10.6-rev14"
        },
        {
            "introduced": "7.10.6-rev15"
        },
        {
            "last_affected": "7.10.6-rev15"
        },
        {
            "introduced": "7.10.6-rev16"
        },
        {
            "last_affected": "7.10.6-rev16"
        },
        {
            "introduced": "7.10.6-rev17"
        },
        {
            "last_affected": "7.10.6-rev17"
        },
        {
            "introduced": "7.10.6-rev18"
        },
        {
            "last_affected": "7.10.6-rev18"
        },
        {
            "introduced": "7.10.6-rev19"
        },
        {
            "last_affected": "7.10.6-rev19"
        },
        {
            "introduced": "7.10.6-rev20"
        },
        {
            "last_affected": "7.10.6-rev20"
        },
        {
            "introduced": "7.10.6-rev21"
        },
        {
            "last_affected": "7.10.6-rev21"
        },
        {
            "introduced": "7.10.6-rev22"
        },
        {
            "last_affected": "7.10.6-rev22"
        },
        {
            "introduced": "7.10.6-rev23"
        },
        {
            "last_affected": "7.10.6-rev23"
        },
        {
            "introduced": "7.10.6-rev24"
        },
        {
            "last_affected": "7.10.6-rev24"
        },
        {
            "introduced": "7.10.6-rev25"
        },
        {
            "last_affected": "7.10.6-rev25"
        },
        {
            "introduced": "7.10.6-rev26"
        },
        {
            "last_affected": "7.10.6-rev26"
        },
        {
            "introduced": "7.10.6-rev27"
        },
        {
            "last_affected": "7.10.6-rev27"
        },
        {
            "introduced": "7.10.6-rev28"
        },
        {
            "last_affected": "7.10.6-rev28"
        },
        {
            "introduced": "7.10.6-rev29"
        },
        {
            "last_affected": "7.10.6-rev29"
        },
        {
            "introduced": "7.10.6-rev30"
        },
        {
            "last_affected": "7.10.6-rev30"
        },
        {
            "introduced": "7.10.6-rev31"
        },
        {
            "last_affected": "7.10.6-rev31"
        },
        {
            "introduced": "7.10.6-rev32"
        },
        {
            "last_affected": "7.10.6-rev32"
        },
        {
            "introduced": "7.10.6-rev33"
        },
        {
            "last_affected": "7.10.6-rev33"
        },
        {
            "introduced": "7.10.6-rev34"
        },
        {
            "last_affected": "7.10.6-rev34"
        },
        {
            "introduced": "7.10.6-rev35"
        },
        {
            "last_affected": "7.10.6-rev35"
        },
        {
            "introduced": "7.10.6-rev36"
        },
        {
            "last_affected": "7.10.6-rev36"
        },
        {
            "introduced": "7.10.6-rev37"
        },
        {
            "last_affected": "7.10.6-rev37"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

7.*
7.10.0-0
7.10.0-2
7.10.3-0
7.10.4-0
7.10.4-1
7.10.5-0
7.10.5-1
7.10.5-2
7.10.6-21
7.10.6-37
7.10.6-NA
7.10.6-rev10
7.10.6-rev11
7.10.6-rev12
7.10.6-rev13
7.10.6-rev14
7.10.6-rev15
7.10.6-rev16
7.10.6-rev17
7.10.6-rev18
7.10.6-rev19
7.10.6-rev20
7.10.6-rev21
7.10.6-rev22
7.10.6-rev23
7.10.6-rev24
7.10.6-rev25
7.10.6-rev26
7.10.6-rev27
7.10.6-rev28
7.10.6-rev29
7.10.6-rev30
7.10.6-rev31
7.10.6-rev32
7.10.6-rev33
7.10.6-rev34
7.10.6-rev35
7.10.6-rev36
7.10.6-rev37
7.4.1-6
7.6.2-13
7.6.2-16
7.6.2-18
7.6.2-19
7.6.2-22
7.6.2-23
7.6.2-24
7.8.0-10
7.8.0-11
7.8.0-12
7.8.0-19
7.8.0-7
7.8.0-8
7.8.1-10
7.8.1-11
7.8.1-14
7.8.2-14
7.8.2-16
7.8.2-5
7.8.2-6
7.8.2-7
7.8.2-9
7.8.3-10
7.8.3-9
Other
as-next

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24604.json"