Home > Vulnerability Database > CVE-2024-37358

Mend.io Vulnerability Database

CVE-2024-37358

Good to know:

Date: February 6, 2025

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.

Severity Score

8.6

Related Resources (7)

Url: https://seclists.org/oss-sec/2025/q1/104

Url: https://github.com/apache/james-project/commit/6dd3ad9ea1f6a9bc887d2c7af3f5aa30a60ec769

Url: https://github.com/apache/james-project

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37358

Url: https://lists.apache.org/thread/1pxsh11v5s3fkvhnqvkmlqwt3fgpcrqc

Url: https://github.com/apache/james-project/commit/b2f3c06edfd37b409121bf04c56a6f026048a77e

Url: https://www.mend.io/vulnerability-database/CVE-2024-37358

Severity Score

8.6

Weakness Type (CWE)

Improper Input Validation

CWE-20

Uncontrolled Resource Consumption

CWE-400

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version org.apache.james.protocols:protocols-imap:3.7.6;org.apache.james.protocols:protocols-imap:3.8.2

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37358

Good to know:

Date: February 6, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?