Description
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE2J regular expression engine to execute regex in linear time without back-tracking.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/01/04/2
https://www.openwall.com/lists/oss-security/2022/01/04/2
Related Vulnerabilities
CVE-2022-31943 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2023-26135 Vulnerability in npm package flatnest
CVE-2019-1003094 Vulnerability in maven package org.jenkins-ci.plugins:open-stf
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-record-serialization-services
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:portal-impl