5 matches found
SUSE CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
USN-5301-1 cyrus-sasl2 vulnerability
It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...
cyrus-sasl digest-md5 DoS
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation...
cyrus-sasl digest-md5 DoS
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation...
PT-2002-2273 · Cyrus · Cyrus Sasl Library
Name of the Vulnerable Software and Affected Versions: Cyrus SASL library versions 2.1.9 and earlier
Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via multiple buffer overflows. These overflows can occur due to long inputs during...