cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Affected Software

| CPE Name | Name | Version |
| --- | --- | --- |
| cyrusimap:cyrus-sasl | cyrusimap cyrus-sasl | 2.1.28 |
| debian:debian_linux | debian debian linux | 8.0 |
| debian:debian_linux | debian debian linux | 9.0 |
| debian:debian_linux | debian debian linux | 10.0 |
| canonical:ubuntu_linux | canonical ubuntu linux | 18.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 14.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 19.10 |
| canonical:ubuntu_linux | canonical ubuntu linux | 16.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 12.04 |
| fedoraproject:fedora | fedoraproject fedora | 31 |
| fedoraproject:fedora | fedoraproject fedora | 32 |
| redhat:enterprise_linux | redhat enterprise linux | 7.0 |
| redhat:enterprise_linux | redhat enterprise linux | 6.0 |
| redhat:jboss_enterprise_web_server | redhat jboss enterprise web server | 2.0.0 |
| redhat:enterprise_linux | redhat enterprise linux | 5.0 |
| redhat:enterprise_linux | redhat enterprise linux | 8.0 |
| apple:mac_os_x | apple mac os x | 10.14.6 |
| redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 8.4 |
| redhat:enterprise_linux_eus | redhat enterprise linux eus | 8.4 |
| redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 8.4 |
| redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 8.4 |
| redhat:enterprise_linux_for_power_little_endian | redhat enterprise linux for power little endian | 8.0 |
| redhat:enterprise_linux_for_ibm_z_systems_eus | redhat enterprise linux for ibm z systems eus | 8.4 |
| redhat:enterprise_linux_for_ibm_z_systems | redhat enterprise linux for ibm z systems | 8.0 |
| redhat:enterprise_linux_for_power_little_endian_eus | redhat enterprise linux for power little endian eus | 8.4 |
| redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | redhat enterprise linux server for power little endian update services for sap solutions | 8.4 |
| apple:mac_os_x | apple mac os x | 10.13.6 |
| apple:iphone_os | apple iphone os | 13.6 |
| apple:ipados | apple ipados | 13.6 |
| apple:mac_os_x | apple mac os x | 10.15.6 |
| apache:bookkeeper | apache bookkeeper | 4.12.1 |