CVE-2011-3208

2011-09-1417:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-3208

stack-based buffer overflow

nntpd.c

cyrus imap server

nvd

security vulnerability

remote code execution

nntp command

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.262 Low

EPSS

Percentile

96.7%

JSON

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

CPENameOperatorVersion
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.12
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.14
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.13
cmu:cyrus_imap_servercmu cyrus imap serverle2.3.16
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.13p1
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.12
cmu:cyrus_imap_servercmu cyrus imap servereq2.1.17
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.6
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.0
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.11

CPE	Name	Operator	Version
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.12
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.14
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.13
cmu:cyrus_imap_server	cmu cyrus imap server	le	2.3.16
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.13p1
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.12
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.1.17
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.6
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.0
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.11