Описание
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | vulnerable code introduced later |
| cosmic | not-affected | vulnerable code introduced later |
| devel | not-affected | vulnerable code introduced later |
| esm-apps/bionic | not-affected | vulnerable code introduced later |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | vulnerable code introduced later |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-apps/xenial | not-affected | vunerable code introduced later |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [vunerable code introduced later]] |
| precise/esm | DNE | |
| trusty | not-affected | vunerable code introduced later |
| trusty/esm | DNE | trusty was not-affected [vunerable code introduced later] |
| upstream | not-affected | vunerable code introduced later |
Показывать по
Ссылки на источники
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP befo ...
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
EPSS
6.4 Medium
CVSS2
9.1 Critical
CVSS3