CVE-2021-40110

Regular expression Denial of Service in maven/org.jamesframework/james

Identifiers

CVE-2021-40110

Package Slug

maven/org.jamesframework/james

Vulnerability

Regular expression Denial of Service

Description

In Apache James, using the Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a denial of service using a vulnerable regular expression. Versions 3.6.1 and later enforce the use of the RE2J regular expression engine to execute regexes in linear time without backtracking.

Affected Versions

All versions before 3.6.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-01-13
