Candidate: CVE-2019-18180
PublicDate: 2019-12-05 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18180
 https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
Description:
 Improper Check for filenames with overly long extensions in PostMaster
 (sending in email) or uploading files (e.g. attaching files to mails) of
 ((OTRS)) Community Edition and OTRS allows a remote attacker to cause an
 endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x
 version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions.
 OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_otrs2:
 upstream: https://github.com/OTRS/otrs/commit/799616eb43f7fb53cae4e04c81e2156baaf02e2b (6.x)
 upstream: https://github.com/OTRS/otrs/commit/76b301f4e3f45cb23bb6a3d6907028c733d11145 (5.x)
upstream_otrs2: needs-triage
precise/esm_otrs2: DNE
trusty_otrs2: ignored (out of standard support)
trusty/esm_otrs2: DNE
xenial_otrs2: ignored (end of standard support, was needed)
bionic_otrs2: needed
disco_otrs2: ignored (reached end-of-life)
eoan_otrs2: ignored (reached end-of-life)
focal_otrs2: not-affected (6.0.24-1)
groovy_otrs2: not-affected (6.0.24-1)
hirsute_otrs2: not-affected (6.0.24-1)
impish_otrs2: not-affected (6.0.24-1)
jammy_otrs2: not-affected (6.0.24-1)
devel_otrs2: not-affected (6.0.24-1)