GHSA-345h-r9m2-jr4pMediumCVSS 4.3
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the...
🔗 CVE IDs covered (1)
📋 Description
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
🔗 References (9)
- https://nvd.nist.gov/vuln/detail/CVE-2026-62642
- https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89
- https://github.com/roundcube/roundcubemail/commit/877269c79359d959a94f13c9070cab0f3389c193
- https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38
- https://github.com/roundcube/roundcubemail/commit/fb952956c6eaf29e963f1a718d028d66e7957ce0
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.17
- https://github.com/roundcube/roundcubemail/releases/tag/1.7.2
- https://roundcube.net/news/2026/07/05/security-updates-1.6.17-and-1.7.2
- https://github.com/advisories/GHSA-345h-r9m2-jr4p