Lucene search

[email protected]NVD:CVE-2011-3481

HistorySep 14, 2011 - 5:17 p.m.

CVE-2011-3481

2011-09-1417:17:07

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.021

Percentile

89.2%

JSON

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

Affected configurations

Nvd

Node

cmucyrus_imap_serverRange≤2.4.10

cmucyrus_imap_serverMatch2.0.17

cmucyrus_imap_serverMatch2.1.16

cmucyrus_imap_serverMatch2.1.17

cmucyrus_imap_serverMatch2.1.18

cmucyrus_imap_serverMatch2.2.8

cmucyrus_imap_serverMatch2.2.9

cmucyrus_imap_serverMatch2.2.10

cmucyrus_imap_serverMatch2.2.11

cmucyrus_imap_serverMatch2.2.12

cmucyrus_imap_serverMatch2.2.13

cmucyrus_imap_serverMatch2.2.13p1

cmucyrus_imap_serverMatch2.3.0

cmucyrus_imap_serverMatch2.3.1

cmucyrus_imap_serverMatch2.3.2

cmucyrus_imap_serverMatch2.3.3

cmucyrus_imap_serverMatch2.3.4

cmucyrus_imap_serverMatch2.3.5

cmucyrus_imap_serverMatch2.3.6

cmucyrus_imap_serverMatch2.3.7

cmucyrus_imap_serverMatch2.3.8

cmucyrus_imap_serverMatch2.3.9

cmucyrus_imap_serverMatch2.3.10

cmucyrus_imap_serverMatch2.3.11

cmucyrus_imap_serverMatch2.3.12

cmucyrus_imap_serverMatch2.3.13

cmucyrus_imap_serverMatch2.3.14

cmucyrus_imap_serverMatch2.3.15

cmucyrus_imap_serverMatch2.3.16

cmucyrus_imap_serverMatch2.3.17

cmucyrus_imap_serverMatch2.4.0

cmucyrus_imap_serverMatch2.4.1

cmucyrus_imap_serverMatch2.4.2

cmucyrus_imap_serverMatch2.4.3

cmucyrus_imap_serverMatch2.4.4

cmucyrus_imap_serverMatch2.4.5

cmucyrus_imap_serverMatch2.4.6

cmucyrus_imap_serverMatch2.4.7

cmucyrus_imap_serverMatch2.4.8

cmucyrus_imap_serverMatch2.4.9

VendorProductVersionCPE
cmucyrus_imap_server*cpe:2.3:a:cmu:cyrus_imap_server:*:*:*:*:*:*:*:*
cmucyrus_imap_server2.0.17cpe:2.3:a:cmu:cyrus_imap_server:2.0.17:*:*:*:*:*:*:*
cmucyrus_imap_server2.1.16cpe:2.3:a:cmu:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
cmucyrus_imap_server2.1.17cpe:2.3:a:cmu:cyrus_imap_server:2.1.17:*:*:*:*:*:*:*
cmucyrus_imap_server2.1.18cpe:2.3:a:cmu:cyrus_imap_server:2.1.18:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.8cpe:2.3:a:cmu:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.9cpe:2.3:a:cmu:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.10cpe:2.3:a:cmu:cyrus_imap_server:2.2.10:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.11cpe:2.3:a:cmu:cyrus_imap_server:2.2.11:*:*:*:*:*:*:*
cmucyrus_imap_server2.2.12cpe:2.3:a:cmu:cyrus_imap_server:2.2.12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cmu	cyrus_imap_server	*	cpe:2.3:a:cmu:cyrus_imap_server::::::::
cmu	cyrus_imap_server	2.0.17	cpe:2.3:a:cmu:cyrus_imap_server:2.0.17:::::::*
cmu	cyrus_imap_server	2.1.16	cpe:2.3:a:cmu:cyrus_imap_server:2.1.16:::::::*
cmu	cyrus_imap_server	2.1.17	cpe:2.3:a:cmu:cyrus_imap_server:2.1.17:::::::*
cmu	cyrus_imap_server	2.1.18	cpe:2.3:a:cmu:cyrus_imap_server:2.1.18:::::::*
cmu	cyrus_imap_server	2.2.8	cpe:2.3:a:cmu:cyrus_imap_server:2.2.8:::::::*
cmu	cyrus_imap_server	2.2.9	cpe:2.3:a:cmu:cyrus_imap_server:2.2.9:::::::*
cmu	cyrus_imap_server	2.2.10	cpe:2.3:a:cmu:cyrus_imap_server:2.2.10:::::::*
cmu	cyrus_imap_server	2.2.11	cpe:2.3:a:cmu:cyrus_imap_server:2.2.11:::::::*
cmu	cyrus_imap_server	2.2.12	cpe:2.3:a:cmu:cyrus_imap_server:2.2.12:::::::*