CVE-2024-34055

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
Configurations

Configuration 1

OR cpe:2.3:a:cyrusimap:cyrus_imap:*:*:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:alpha0:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta1:*:*:*:*:*:*
cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta2:*:*:*:*:*:*

History

11 Jun 2024, 17:16

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-770 |
| References | () https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489 - | () https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489 - Patch, Release Notes |
| References | () https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html - | () https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html - Release Notes |
| References | () https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html - | () https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html - Release Notes |
| Summary | | (es) Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. |
| First Time | | Cyrusimap |
| First Time | | Cyrusimap cyrus Imap |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.5 |
| CPE | | cpe:2.3:a:cyrusimap:cyrus_imap:*:*:*:*:*:*:*:* |
| CPE | | cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta2:*:*:*:*:*:* |
| CPE | | cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:beta1:*:*:*:*:*:* |
| CPE | | cpe:2.3:a:cyrusimap:cyrus_imap:3.10.0:alpha0:*:*:*:*:*:* |

05 Jun 2024, 05:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-06-05 05:15

Updated : 2024-06-11 17:16


NVD link : CVE-2024-34055

Mitre link : CVE-2024-34055

CVE.ORG link : CVE-2024-34055



Products Affected

cyrusimap

  • cyrus_imap
CWE
CWE-770

Allocation of Resources Without Limits or Throttling