Описание
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cyrus-imapd | fixed | 3.4.2-1 | package | |
| cyrus-imapd | fixed | 3.2.6-2+deb11u1 | bullseye | package |
| cyrus-imapd | fixed | 3.0.8-6+deb10u6 | buster | package |
| cyrus-imapd-2.4 | removed | package |
Примечания
https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master)
https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master)
https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master)
EPSS
Связанные уязвимости
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
EPSS