CVE-2024-23824

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-23824
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23824.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23824
Aliases
  • GHSA-45rv-3c5p-w4h7
Published
2024-02-02T15:18:55.300Z
Modified
2026-04-10T05:09:39.018308Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
mailcow ipixel flood attack leads to Denial of Service in admin page
Details

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-400"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23824.json"
}
References

Affected packages

Git / github.com/mailcow/mailcow-dockerized

Affected ranges

Type
GIT
Repo
https://github.com/mailcow/mailcow-dockerized
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8ae762a8c80ce0d12659e918257fe5dbf78118d7

Affected versions

Other
2022-01
2022-01a
2022-03
2022-03a
2022-05
2022-05a
2022-05b
2022-05c
2022-05d
2022-06
2022-06a
2022-06b
2022-07
2022-07a
2022-08
2022-08a
2022-08b
2022-09
2022-09a
2022-10
2022-10a
2022-11
2022-11a
2022-11b
2022-12
2022-12a
2022-12b
2023-01
2023-01a
2023-02
2023-02a
2023-03
2023-04
2023-04a
2023-04b
2023-05
2023-05a
2023-07
2023-07a
2023-08
2023-09
2023-10
2023-10a
2023-11
2023-11a
2023-12
2023-12a
2024-01
2024-01a
2024-01b
2024-01c
2024-01d

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23824.json"