View Issue Details

ID: 0005355
Project: SOGo
Category: Backend Address Book
View Status: public
Last Update: 2021-09-30 12:14
Reporter: rschuetz
Assigned To: francis
Priority: normal
Severity: crash
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Fixed in Version: 5.3.0
Summary: 0005355: CardDAV addressbook-multiget report denial-of-service

A CardDAV addressbook-multiget report request like

<card:addressbook-multiget xmlns:card="urn:ietf:params:xml:ns:carddav" xmlns:cs="; xmlns:d="DAV:">

for an LDAP-backed addressbook creates n concurrent connections to the LDAP server. This can quickly lead to a denial-of-service situation if the open file descriptors limit of the SOGo or LDAP process is reached. A better approach would be to reuse a single connection for all n LDAP search operations.

Tags: No tags attached.


There are no notes attached to this issue.
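The connection pattern the report describes, next to the single-connection approach it suggests, as an added example (not SOGo code and not part of the original report). `FakeDirectory`, its connection limit and the href paths are constructed stand-ins for an LDAP server and its file-descriptor limit.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {"d": "DAV:"}
# Constructed request body: 8 made-up hrefs (paths are assumptions).
SAMPLE_REPORT = (
    '<card:addressbook-multiget xmlns:card="urn:ietf:params:xml:ns:carddav" xmlns:d="DAV:">'
    "<d:prop><d:getetag/><card:address-data/></d:prop>"
    + "".join(f"<d:href>/dav/contacts/uid{i}.vcf</d:href>" for i in range(8))
    + "</card:addressbook-multiget>")

class FakeDirectory:
    """Hypothetical LDAP stand-in that refuses connections past a limit."""
    def __init__(self, limit):
        self.limit, self.open, self.peak = limit, 0, 0
    def connect(self):
        if self.open >= self.limit:
            raise ConnectionError("connection limit reached")
        self.open += 1
        self.peak = max(self.peak, self.open)
        return FakeConnection(self)

class FakeConnection:
    def __init__(self, directory):
        self.directory = directory
    def search(self, href):
        return f"card for {href}"
    def close(self):
        self.directory.open -= 1

def hrefs_of(report_xml):
    """Return the hrefs listed directly under the multiget root element."""
    return [e.text.strip() for e in ET.fromstring(report_xml).findall("d:href", NS)]

def multiget_per_href(directory, hrefs):
    """Pattern from the report: one connection per href, all open at once."""
    conns = []
    try:
        for _ in hrefs:
            conns.append(directory.connect())
        return [c.search(h) for c, h in zip(conns, hrefs)]
    finally:
        for c in conns:
            c.close()

def multiget_shared(directory, hrefs):
    """Suggested approach: a single connection reused for every search."""
    conn = directory.connect()
    try:
        return [conn.search(h) for h in hrefs]
    finally:
        conn.close()
```

With a limit of 4, the per-href variant fails on the fifth connection while the shared variant answers all 8 lookups with a peak of one open connection.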

Issue History

Date Modified Username Field Change
2021-07-12 13:10 rschuetz New Issue
2021-09-30 12:14 francis Source_changeset_attached => sogo master 3da633ae
2021-09-30 12:14 francis Assigned To => francis
2021-09-30 12:14 francis Resolution open => fixed
2021-09-30 12:14 francis Status new => resolved
2021-09-30 12:14 francis Fixed in Version => 5.3.0