Re: kopano-core 11.0.1: Remote DoS by memory exhaustion

[Jan Engelhardt <jengelh () inai de>]

On Friday 2021-03-19 13:44, Jan Engelhardt wrote:
> Initial publication, no CVE number yet (will request).
> […]
> The "kopano-ical" program implements a network service/trivial HTTP server.
> It imposes no length restrictions on HTTP headers, which can be exploited
> to memory-exhaust the process and have it terminate.

This was assigned CVE-2021-28994.