CVE-2011-3481

2011-09-1417:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

security

denial of service

imap

cyrus imap server

cve-2011-3481

null pointer dereference

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

89.1%

JSON

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

CPENameOperatorVersion
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.12
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.13
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.13p1
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.12
cmu:cyrus_imap_servercmu cyrus imap servereq2.4.1
cmu:cyrus_imap_servercmu cyrus imap servereq2.1.17
cmu:cyrus_imap_servercmu cyrus imap servereq2.4.5
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.6
cmu:cyrus_imap_servercmu cyrus imap servereq2.3.0
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.11

CPE	Name	Operator	Version
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.12
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.13
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.13p1
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.12
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.4.1
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.1.17
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.4.5
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.6
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.3.0
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.11