CVE-2004-2650: Apache James Denial of Service

April 29, 2022 (updated September 18, 2023)

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

References

issues.apache.org/jira/browse/JAMES-268
james.apache.org/changelog.html
www.securityfocus.com/bid/15765
github.com/advisories/GHSA-92j7-34x9-f3jw
nvd.nist.gov/vuln/detail/CVE-2004-2650

Code Behaviors & Features

Detect and mitigate CVE-2004-2650 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →