View Issue Details

IDProjectCategoryView StatusLast Update
0005355SOGoBackend Address Bookpublic2021-07-12 09:10
Reporterrschuetz Assigned To 
PrioritynormalSeveritycrashReproducibilityhave not tried
Status newResolutionopen 
Summary0005355: CardDAV addressbook-multiget report denial-of-service

A CardDAV addressbook-multiget report request like

<card:addressbook-multiget xmlns:card="urn:ietf:params:xml:ns:carddav" xmlns:cs="; xmlns:d="DAV:">

for a LDAP-backed addressbook creates n concurrent connections to the LDAP server. This can quickly lead to a denial-of-service situation, if the open file descriptors limit of the SOGo or LDAP process is reached. A better approach would be to reuse a single connection for all n LDAP search operations.

TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-07-12 09:10 rschuetz New Issue