CVE-2021-33582

Updated: 2024-11-22 22:31:39.774519

Description:

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS version | Severity | Score
CVSS Version 2.x | MEDIUM | 5
CVSS Version 3.x | HIGH | 7.5

Status

OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement
CentOS 6 ELS | cyrus-imapd | 2.3.16 | 7.5 | HIGH | Released | CLSA-2022:1654107183 | 2022-06-14 14:43:29 |
CentOS 8.4 ELS | cyrus-imapd | 3.0.7 | 7.5 | HIGH | Not Vulnerable | | 2023-10-27 11:21:53 |
CentOS 8.5 ELS | cyrus-imapd | 3.0.7 | 7.5 | HIGH | Not Vulnerable | | 2023-10-27 11:21:53 |
CloudLinux 6 ELS | cyrus-imapd | 2.3.16 | 7.5 | HIGH | Released | CLSA-2022:1654107338 | 2022-06-14 14:43:29 |
Oracle Linux 6 ELS | cyrus-imapd | 2.3.16 | 7.5 | HIGH | Released | CLSA-2022:1654106950 | 2022-06-01 14:35:35 |
Ubuntu 16.04 ELS | cyrus-imapd | 2.4.18-3 | 7.5 | HIGH | Released | CLSA-2022:1654174467 | 2022-06-02 11:51:43 |
Ubuntu 18.04 ELS | cyrus-imapd | 2.5.10-3 | 7.5 | HIGH | Released | CLSA-2023:1688678110 | 2023-07-06 21:47:50 |