MidnightBSD

Advisories for cyrusimap

CVE-2002-1347 HIGH

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-131,

Products Affected

Vendor Product Version
apple mac_os_x_server *
cyrusimap cyrus_sasl *
apple mac_os_x *
CVE-2017-12843 MEDIUM

Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cyrusimap cyrus_imap *
fedoraproject fedora 26
CVE-2019-19906 MEDIUM

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 10.0
redhat enterprise_linux_server_tus 8.4
apple ipados 13.6
redhat jboss_enterprise_web_server 2.0.0
redhat enterprise_linux 7.0
apache bookkeeper 4.12.1
apple mac_os_x 10.13.6
apple mac_os_x *
canonical ubuntu_linux 16.04
redhat enterprise_linux 6.0
fedoraproject fedora 32
debian debian_linux 9.0
canonical ubuntu_linux 18.04
apple iphone_os 13.6
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
debian debian_linux 8.0
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux 5.0
redhat enterprise_linux_for_power_little_endian 8.0
canonical ubuntu_linux 19.10
apple mac_os_x 10.14.6
cyrusimap cyrus-sasl *
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
fedoraproject fedora 31
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_server_aus 8.4
CVE-2022-24407 MEDIUM

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
fedoraproject fedora 36
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.2.0
fedoraproject fedora 34
debian debian_linux 10.0
oracle communications_cloud_native_core_console 22.2.0
fedoraproject fedora 35
netapp ontap_select_deploy_administration_utility -
debian debian_linux 11.0
cyrusimap cyrus-sasl *
debian debian_linux 9.0
netapp active_iq_unified_manager -
CVE-2024-34055

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

Products Affected

Vendor Product Version
cyrusimap cyrus_imap 3.10.0
cyrusimap cyrus_imap *