CVE-2021-33582

Updated: 2023-11-07 20:03:47.382561

Description:

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

Version          | Severity | Score
CVSS Version 2.x | MEDIUM   | 5
CVSS Version 3.x | HIGH     | 7.5

Status

OS name            | Project name | Version  | Score | Severity | Status         | Errata               | Last updated
CentOS 6 ELS       | cyrus-imapd  | 2.3.16   | 7.5   | HIGH     | Released       | CLSA-2022:1654107183 | 2022-06-14 14:43:29
CentOS 8.4 ELS     | cyrus-imapd  | 3.0.7    | 7.5   | HIGH     | Not Vulnerable |                      | 2023-10-27 11:21:53
CentOS 8.5 ELS     | cyrus-imapd  | 3.0.7    | 7.5   | HIGH     | Not Vulnerable |                      | 2023-10-27 11:21:53
CloudLinux 6 ELS   | cyrus-imapd  | 2.3.16   | 7.5   | HIGH     | Released       | CLSA-2022:1654107338 | 2022-06-14 14:43:29
Oracle Linux 6 ELS | cyrus-imapd  | 2.3.16   | 7.5   | HIGH     | Released       | CLSA-2022:1654106950 | 2022-06-01 14:35:35
Ubuntu 16.04 ELS   | cyrus-imapd  | 2.4.18-3 | 7.5   | HIGH     | Released       | CLSA-2022:1654174467 | 2022-06-02 11:51:43
Ubuntu 18.04 ELS   | cyrus-imapd  | 2.5.10-3 | 7.5   | HIGH     | Released       | CLSA-2023:1688678110 | 2023-07-06 21:47:50