Lucene search

[email protected]NVD:CVE-2024-34055

HistoryJun 05, 2024 - 5:15 a.m.

CVE-2024-34055

2024-06-0505:15:49

CWE-770

[email protected]

web.nvd.nist.gov

cyrus imap

memory allocation

literals

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

19.0%

JSON

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

Affected configurations

NVD

Node

cyrusimapcyrus_imapRange<3.8.3

cyrusimapcyrus_imapMatch3.10.0alpha0

cyrusimapcyrus_imapMatch3.10.0beta1

cyrusimapcyrus_imapMatch3.10.0beta2

References

github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJZQAE3XC2GBCE5KSTWJ5A6QYANFWGFB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVZHUZDU4MGTTZJRNACTMSKXLNMMRLJ6/

www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html

www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

19.0%

JSON

Related for NVD:CVE-2024-34055

debiancve1 fedora2 osv2 nessus4 debian1 openvas2 freebsd1 cve1 cvelist1 vulnrichment1 redhatcve1 ubuntucve1