{"id":"CVE-2023-24604","details":"OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.","modified":"2026-02-16T10:27:57.616898Z","published":"2023-05-29T03:15:09.833Z","references":[{"type":"WEB","url":"https://open-xchange.com"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2023/May/3"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2023/May/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open-xchange/appsuite-frontend","events":[{"introduced":"0"},{"fixed":"489e7d0bf2bb0dc4c984860c4ce6f4d772086875"}]}],"versions":["7.0.0-10","7.0.0-11","7.0.0-12","7.0.0-8","7.0.0-9","7.0.1-1","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.10.0-0","7.10.0-10","7.10.0-2","7.10.0-3","7.10.0-4","7.10.0-5","7.10.0-6","7.10.0-7","7.10.0-8","7.10.0-9","7.10.1-1","7.10.1-2","7.10.1-3","7.10.1-4","7.10.2-1","7.10.2-2","7.10.2-3","7.10.3-0","7.10.3-1","7.10.3-2","7.10.3-3","7.10.4-0","7.10.4-1","7.10.4-2","7.10.4-3","7.10.4-4","7.10.4-5","7.10.4-6","7.10.5-0","7.10.5-1","7.10.5-2","7.10.5-3","7.10.5-4","7.10.5-5","7.2.0-1","7.2.0-2","7.2.0-3","7.2.0-4","7.2.0-5","7.2.0-6","7.2.1-1","7.2.1-2","7.2.1-3","7.2.1-4","7.2.1-5","7.2.1-6","7.2.2-1","7.2.2-11","7.2.2-12","7.2.2-13","7.2.2-14","7.2.2-15","7.2.2-16","7.2.2-17","7.2.2-18","7.2.2-19","7.2.2-2","7.2.2-20","7.2.2-3","7.2.2-4","7.2.2-5","7.2.2-6","7.2.2-7","7.2.2-8","7.2.2-9","7.4.0-1","7.4.0-10","7.4.0-11","7.4.0-12","7.4.0-13","7.4.0-14","7.4.0-15","7.4.0-16","7.4.0-17","7.4.0-18","7.4.0-19","7.4.0-2","7.4.0-3","7.4.0-4","7.4.0-5","7.4.0-6","7.4.0-7","7.4.0-8","7.4.0-9","7.4.1-1","7.4.1-10","7.4.1-11","7.4.1-2","7.4.1-3","7.4.1-4","7.4.1-5","7.4.1-6","7.4.1-7","7.4.1-8","7.4.1-9","7.4.2-1","7.4.2-10","7.4.2-11","7.4.2-12","7.4.2-13","7.4.2-14","7.4.2-15","7.4.2-16","7.4.2-17","7.4.2-18","7.4.2-19","7.4.2-2","7.4.2-20","7.4.2-21","7.4.2-22","7.4.2-23","7.4.2-24","7.4.2-25","7.4.2-26","7.4.2-27","7.4.2-28","7.4.2-29","7.4.2-3","7.4.2-4","7.4.2-5","7.4.2-6","7.4.2-7","7.4.2-8","7.4.2-9","7.6.0-1","7.6.0-10","7.6.0-11","7.6.0-12","7.6.0-13","7.6.0-14","7.6.0-15","7.6.0-16","7.6.0-17","7.6.0-2","7.6.0-3","7.6.0-4","7.6.0-5","7.6.0-6","7.6.0-7","7.6.0-8","7.6.0-9","7.6.1-1","7.6.1-10","7.6.1-11","7.6.1-12","7.6.1-13","7.6.1-14","7.6.1-15","7.6.1-16","7.6.1-17","7.6.1-18","7.6.1-19","7.6.1-2","7.6.1-20","7.6.1-21","7.6.1-22","7.6.1-23","7.6.1-24","7.6.1-25","7.6.1-26","7.6.1-3","7.6.1-4","7.6.1-5","7.6.1-6","7.6.1-7","7.6.1-8","7.6.1-9","7.6.2-1","7.6.2-10","7.6.2-11","7.6.2-12","7.6.2-13","7.6.2-14","7.6.2-15","7.6.2-16","7.6.2-17","7.6.2-18","7.6.2-19","7.6.2-2","7.6.2-20","7.6.2-21","7.6.2-22","7.6.2-23","7.6.2-24","7.6.2-25","7.6.2-26","7.6.2-27","7.6.2-28","7.6.2-29","7.6.2-3","7.6.2-4","7.6.2-5","7.6.2-6","7.6.2-7","7.6.2-8","7.6.2-9","7.8.0-1","7.8.0-2","7.8.0-3","7.8.0-4","7.8.0-5","7.8.0-6","7.8.0-7","7.8.0-8","7.8.0-9","7.8.1-1","7.8.1-2","7.8.1-3","7.8.1-4","7.8.1-5","7.8.1-6","7.8.1-7","7.8.2-1","7.8.2-2","7.8.2-3","7.8.2-4","7.8.3-1","7.8.3-2","7.8.3-3","7.8.3-4","7.8.3-5","7.8.4-1","7.8.4-2","7.8.4-3","Test","as-next","sprint_20","sprintreview_2013_07_12"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24604.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}