freebsd FreeBSD C0A269D5-3D16-11D9-8818-008088034841
History: Nov 06, 2004 - 12:00 a.m.

Cyrus IMAPd -- FETCH command out of bounds memory corruption

2004-11-06 00:00:00
vuxml.freebsd.org
16

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.107 Low
Percentile: 95.1%

The argument parser of the FETCH command suffers from a bug very
similar to the partial command problem. Arguments like
“body[p”, “binary[p” or “binary[p” will be wrongly detected,
and the buffer position can point outside of the allocated
buffer for the rest of the parsing process. When the parser
triggers the PARSE_PARTIAL macro after such a malformed
argument has been received, this can lead to a similar one-byte
memory corruption and allows remote code execution when the
heap layout has been successfully controlled by the attacker.
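
An added example (not Cyrus IMAPd code and not taken from the advisory): a FETCH item parser whose cursor carries its own end pointer, so a truncated argument such as “body[p” is rejected instead of leaving the position outside the buffer. The function names, the assumption that the argument is already lowercased, and the `<start.count>` partial syntax (RFC 3501) are assumptions of this example.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>
/* Cursor that carries its own end pointer, so every advance is bounds-checked. */
struct cur { const char *p, *end; };

/* Consume the literal `lit` only if all of it lies before `end`. */
static int eat(struct cur *c, const char *lit) {
    size_t n = strlen(lit);
    if ((size_t)(c->end - c->p) < n || memcmp(c->p, lit, n) != 0) return 0;
    c->p += n;
    return 1;
}

/* Consume a decimal number; fails on no digits or on overflow. */
static int eat_num(struct cur *c, unsigned long *out) {
    const char *s = c->p;
    unsigned long v = 0;
    while (c->p < c->end && *c->p >= '0' && *c->p <= '9') {
        if (v > (ULONG_MAX - 9) / 10) return 0;
        v = v * 10 + (unsigned long)(*c->p++ - '0');
    }
    *out = v;
    return c->p != s;
}

/* Returns 1 for a well-formed body[..]/binary[..] item (optional <start.count>), else 0. */
int parse_fetch_item(const char *arg, size_t len, size_t *sec_off, size_t *sec_len,
                     int *has_partial, unsigned long *start, unsigned long *count)
{
    struct cur c = { arg, arg + len };
    const char *close;
    if (!(eat(&c, "body.peek[") || eat(&c, "body[") ||
          eat(&c, "binary.peek[") || eat(&c, "binary[")))
        return 0;
    close = memchr(c.p, ']', (size_t)(c.end - c.p));
    if (!close) return 0;            /* e.g. "body[p": no ']' inside the buffer */
    *sec_off = (size_t)(c.p - arg);  /* section text is arg[sec_off .. sec_off+sec_len) */
    *sec_len = (size_t)(close - c.p);
    c.p = close + 1;
    *has_partial = 0;
    if (c.p == c.end) return 1;      /* no partial specifier */
    /* Partial must be exactly <start.count> with count > 0 and nothing after it. */
    if (!eat(&c, "<") || !eat_num(&c, start) || !eat(&c, ".") ||
        !eat_num(&c, count) || *count == 0 || !eat(&c, ">") || c.p != c.end)
        return 0;
    *has_partial = 1;
    return 1;
}
```

The parser works from an explicit length rather than a NUL terminator, so a `]` that sits just past `len` is never seen.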

OS       Version  Architecture  Package      Version   Filename
FreeBSD  any      noarch        cyrus-imapd  < 2.1.17  UNKNOWN
