Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals by both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations.

Versions 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
History

Mon, 01 Sep 2025 10:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Mon, 01 Sep 2025 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache james Server
Weaknesses CWE-770
CPEs cpe:2.3:a:apache:james_server:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache james Server

Thu, 06 Feb 2025 11:30:00 +0000

Type Values Removed Values Added
Description Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals by both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Versions 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
Title Apache James: denial of service through the use of IMAP literals
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-09-01T09:40:18.781Z

Reserved: 2024-06-06T07:07:32.731Z

Link: CVE-2024-37358

Vulnrichment

Updated: 2025-02-12T19:41:46.080Z

NVD

Status: Modified

Published: 2025-02-06T12:15:26.343

Modified: 2025-09-01T10:15:30.703

Link: CVE-2024-37358

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T11:31:48Z