
CVE-2021-33582

Published: 01 Sep 2021
Source: redhat
CVSS3: 7.5

Description

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to system availability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | cyrus-imapd | Out of support scope | | |
| Red Hat Enterprise Linux 7 | cyrus-imapd | Out of support scope | | |
| Red Hat Enterprise Linux 9 | cyrus-imapd | Not affected | | |
| Red Hat Enterprise Linux 8 | cyrus-imapd | Fixed | RHSA-2021:3492 | 13.09.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | cyrus-imapd | Fixed | RHSA-2021:3546 | 15.09.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | cyrus-imapd | Fixed | RHSA-2021:3493 | 13.09.2021 |


Additional information

Status: Important
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1993232 cyrus-imapd: Denial of service via string hashing algorithm collisions

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 4 years ago

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

CVSS3: 7.5
nvd
almost 4 years ago

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

CVSS3: 7.5
debian
almost 4 years ago

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...

rocky
almost 4 years ago

Important: cyrus-imapd security update

CVSS3: 7.5
github
about 3 years ago

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
