CVE-2024-48938

7.5 HIGH

📋 TL;DR

This vulnerability allows denial-of-service attacks against Znuny systems through specially crafted emails. Attackers can send emails containing HTML copied from Microsoft Word that causes excessive CPU consumption, potentially blocking email processing. Organizations running vulnerable Znuny versions are affected.

💻 Affected Systems

Products:
  • Znuny
Versions: LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with email processing enabled are vulnerable. The vulnerability triggers when parsing specific HTML content from Microsoft Word.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete email processing system outage, blocking all incoming and outgoing email functionality, potentially affecting business operations.

🟠 Likely Case

Degraded email processing performance, delayed email delivery, and temporary service interruptions during attack periods.

🟢 If Mitigated

Minimal impact with proper monitoring and rate limiting in place, though some performance degradation may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted emails but does not require authentication. The attack vector is simple and could be automated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LTS 6.5.11 and 7.0.17

Vendor Advisory: https://www.znuny.org/en/advisories/zsa-2024-04

Restart Required: Yes

Instructions:

1. Back up your Znuny installation and database.
2. Download the patched version from the official Znuny website.
3. Follow the official upgrade guide for your version.
4. Restart all Znuny services after upgrade.

🔧 Temporary Workarounds

Email Filtering (all platforms)

Implement email filtering to block or quarantine emails containing HTML content from Microsoft Word.

Rate Limiting (all platforms)

Configure rate limiting on email processing to prevent mass exploitation.

🧯 If You Can't Patch

  • Implement strict email filtering to block HTML content from external sources
  • Monitor CPU usage on Znuny servers and implement alerting for abnormal spikes

🔍 How to Verify

Check if Vulnerable:

Check the Znuny version via the Admin interface or the command line. If the version is in the range 6.5.1 through 6.5.10 or 7.0.1 through 7.0.16, the system is vulnerable.

Check Version:

znuny.Console.pl Maint::Config::Dump --options="Version"

Verify Fix Applied:

Verify version is 6.5.11 or higher for LTS 6.5.x, or 7.0.17 or higher for 7.0.x series.
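
The range check above, as an added example that is not part of the original page or Znuny's own tooling: it classifies version strings against the ranges listed here, comparing components numerically because a plain string comparison would sort 6.5.10 below 6.5.2. The inventory format, hostnames and status labels are assumptions made for illustration.

```python
import re

# Affected ranges exactly as stated on this page (inclusive bounds).
AFFECTED = {
    (6, 5): ((6, 5, 1), (6, 5, 10)),   # fixed in 6.5.11
    (7, 0): ((7, 0, 1), (7, 0, 16)),   # fixed in 7.0.17
}

# Only plain MAJOR.MINOR.PATCH is accepted; anything else needs a manual look.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparseable'."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable"
    v = tuple(int(part) for part in m.groups())
    bounds = AFFECTED.get(v[:2])
    if bounds is None:
        return "not-listed"          # release series this page does not mention
    low, high = bounds
    if low <= v <= high:
        return "vulnerable"
    if v > high:
        return "fixed"
    return "not-listed"              # e.g. 6.5.0, below the stated range


def triage(inventory: str) -> dict:
    """Map host -> status for 'host version' lines; '#' starts a comment."""
    result = {}
    for line in inventory.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host, _, version = line.partition(" ")
        result[host] = classify(version)
    return result


# Constructed sample inventory (hostnames are made up).
SAMPLE = """\
helpdesk-a 6.5.10
helpdesk-b 6.5.11
helpdesk-c 7.0.16
helpdesk-d 7.0.9-rc1   # pre-release tag
helpdesk-e 6.4.5
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Hosts reported as `not-listed` or `unparseable` are outside what this page states and should be checked against the vendor advisory directly.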

📡 Detection & Monitoring

Log Indicators:

  • High CPU usage alerts
  • Email processing timeouts
  • Failed email parsing attempts

Network Indicators:

  • Unusual volume of emails from single sources
  • Emails with specific HTML patterns

SIEM Query:

source="znuny" AND (cpu_usage>90 OR process_time>30s)
