The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) “body[p”, (2) “binary[p”, or (3) “binary[p”) that cause an index increment error that leads to an out-of-bounds memory corruption.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cyrus-imapd | < 1.5.19-20 | cyrus-imapd_1.5.19-20_all.deb |
Debian | 11 | all | cyrus-imapd | < 1.5.19-20 | cyrus-imapd_1.5.19-20_all.deb |
Debian | 10 | all | cyrus-imapd | < 1.5.19-20 | cyrus-imapd_1.5.19-20_all.deb |
Debian | 999 | all | cyrus-imapd | < 1.5.19-20 | cyrus-imapd_1.5.19-20_all.deb |