Lucene search

[email protected]CVE-2021-33582

HistorySep 01, 2021 - 6:15 a.m.

CVE-2021-33582

2021-09-0106:15:00

CWE-407

[email protected]

web.nvd.nist.gov

cyrus imap

cve-2021-33582

denial of service

nvd

3.4.2

3.2.8

3.0.16

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

CPENameOperatorVersion
cyrus:imapcyrus imaplt3.0.16
cyrus:imapcyrus imaplt3.2.8
cyrus:imapcyrus imaplt3.4.2
fedoraproject:fedorafedoraproject fedoraeq34
fedoraproject:fedorafedoraproject fedoraeq35
debian:debian_linuxdebian debian linuxeq9.0

CPE	Name	Operator	Version
cyrus:imap	cyrus imap	lt	3.0.16
cyrus:imap	cyrus imap	lt	3.2.8
cyrus:imap	cyrus imap	lt	3.4.2
fedoraproject:fedora	fedoraproject fedora	eq	34
fedoraproject:fedora	fedoraproject fedora	eq	35
debian:debian_linux	debian debian linux	eq	9.0