CVE-2024-34055

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cyrusimap:cyrus_imap:*:*:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:alpha0:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta1:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta2:*:*:*:*:*:*

History

14 Jun 2024, 06:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVZHUZDU4MGTTZJRNACTMSKXLNMMRLJ6/ -

14 Jun 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJZQAE3XC2GBCE5KSTWJ5A6QYANFWGFB/ -

11 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) Cyrus IMAP anterior a 3.8.3 y 3.10.x anterior a 3.10.0-rc1 permite a atacantes autenticados provocar una asignación de memoria ilimitada enviando muchos LITERAL en un solo comando.
First Time Cyrusimap cyrus Imap
Cyrusimap
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-770
CPE cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta2:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:alpha0:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta1:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:*:*:*:*:*:*:*:*
References () https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489 - () https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489 - Patch, Release Notes
References () https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html - () https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html - Release Notes
References () https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html - () https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html - Release Notes

05 Jun 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-05 05:15

Updated : 2024-06-14 06:15


NVD link : CVE-2024-34055

Mitre link : CVE-2024-34055

CVE.ORG link : CVE-2024-34055


JSON object : View

Products Affected

cyrusimap

  • cyrus_imap
CWE
CWE-770

Allocation of Resources Without Limits or Throttling