Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
References
Configurations
Configuration 1 (hide)
|
History
14 Jun 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Cyrusimap cyrus Imap
Cyrusimap |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-770 | |
CPE | cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta2:*:*:*:*:*:* cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:alpha0:*:*:*:*:*:* cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta1:*:*:*:*:*:* cpe:2.3:a:cyrusimap:cyrus_imap:*:*:*:*:*:*:*:* |
|
References | () https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489 - Patch, Release Notes | |
References | () https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html - Release Notes | |
References | () https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html - Release Notes |
05 Jun 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-05 05:15
Updated : 2024-06-14 06:15
NVD link : CVE-2024-34055
Mitre link : CVE-2024-34055
CVE.ORG link : CVE-2024-34055
JSON object : View
Products Affected
cyrusimap
- cyrus_imap
CWE
CWE-770
Allocation of Resources Without Limits or Throttling