Updated: 2024-11-22 22:31:39.774519
Description:
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 5 |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | cyrus-imapd | 2.3.16 | 7.5 | HIGH | Released | CLSA-2022:1654107183 | 2022-06-14 14:43:29 | |
CentOS 8.4 ELS | cyrus-imapd | 3.0.7 | 7.5 | HIGH | Not Vulnerable | 2023-10-27 11:21:53 | ||
CentOS 8.5 ELS | cyrus-imapd | 3.0.7 | 7.5 | HIGH | Not Vulnerable | 2023-10-27 11:21:53 | ||
CloudLinux 6 ELS | cyrus-imapd | 2.3.16 | 7.5 | HIGH | Released | CLSA-2022:1654107338 | 2022-06-14 14:43:29 | |
Oracle Linux 6 ELS | cyrus-imapd | 2.3.16 | 7.5 | HIGH | Released | CLSA-2022:1654106950 | 2022-06-01 14:35:35 | |
Ubuntu 16.04 ELS | cyrus-imapd | 2.4.18-3 | 7.5 | HIGH | Released | CLSA-2022:1654174467 | 2022-06-02 11:51:43 | |
Ubuntu 18.04 ELS | cyrus-imapd | 2.5.10-3 | 7.5 | HIGH | Released | CLSA-2023:1688678110 | 2023-07-06 21:47:50 |