CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-33582 – cyrus-imapd: Denial of service via string hashing algorithm collisions
https://notcve.org/view.php?id=CVE-2021-33582
01 Sep 2021 — Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. Cyrus IMAP versiones anteriores a 3.4.2, permite a atacantes remotos causar una denegación de servicio (cuelgue del demonio de varios minutos) por medio de una entrada manejada inapropiadamente durante la interacción de la ta... • https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32056
https://notcve.org/view.php?id=CVE-2021-32056
10 May 2021 — Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. Cyrus IMAP versiones anteriores a 3.2.7, y versiones 3.3.x y versiones 3.4.x anteriores a 3.4.1, permite a usuarios autenticados remotos omitir las restricciones de acceso previstas en las anotaciones del servidor y, en consecuencia, provocar que la replicación se detenga • https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14230
https://notcve.org/view.php?id=CVE-2017-14230
10 Sep 2017 — In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. En la función mboxlist_do_find en imap/mboxlist.c en Cyrus IMAP en versiones anteriores a la 3.0.4, un error por un paso (off-by-one) en el cálculo de prefijos para el comando LIST pr... • https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 43EXPL: 0CVE-2015-8076
https://notcve.org/view.php?id=CVE-2015-8076
03 Dec 2015 — The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. La función index_urlfetch en index.c en Cyrus IMAP 2.3.x en versiones anteriores a 2.3.19, 2.4.x en versiones anteriores a 2.4.18, 2.5.x en versiones anteriores a 2.5.4 permite a atacantes remotos obtener informaci... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 43EXPL: 0CVE-2015-8077
https://notcve.org/view.php?id=CVE-2015-8077
03 Dec 2015 — Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. Desbordamiento de entero en la función index_urlfetch en imap/index.c en Cyrus IMAP 2.3.19, 2.4.18 y 2.5.6 permite a atacantes remotos tener un impacto no especificado a través de vectores relacionados ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 0CVE-2015-8078
https://notcve.org/view.php?id=CVE-2015-8078
03 Dec 2015 — Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. Desbordamiento de entero en la función index_urlfetch en imap/index.c en Cyrus IMAP 2.3.19, 2.4.18 y 2.5.6 permite a atacantes remotos tener un impacto no especificado a través de vectores relacionad... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0CVE-2008-5514
https://notcve.org/view.php?id=CVE-2008-5514
23 Dec 2008 — Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow. Error de superación de límite en la función rfc822_output_char en las rutinas RFC822BUFFER de las bibliotecas c-client library, de la Universidad de Washinton (UW), como las ut... • http://secunia.com/advisories/33275 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •