22 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-33582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table...
CentOS 9 : cyrus-imapd-3.4.1-6.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the cyrus- imapd-3.4.1-6.el9 build changelog. - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during...
MGASA-2022-0247 Updated cyrus-imapd packages fix security vulnerability
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. CVE-2021-33582...
Fixed CVE-2021-33582 in cyrus-imapd
CVE-2021-33582: Fix a bad string hashing algorithm which could lead to collisions and cause a CPU denial of service...
Rocky Linux 8 : cyrus-imapd (RLSA-2021:3492)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3492 advisory. - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table...
Amazon Linux AMI : cyrus-imapd (ALAS-2022-1559)
The version of cyrus-imapd installed on the remote host is prior to 2.4.22-1.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1559 advisory. A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored...
Important: cyrus-imapd
Issue Overview: A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this...
Amazon Linux 2 : cyrus-imapd (ALAS-2021-1725)
The version of cyrus-imapd installed on the remote host is prior to 2.4.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1725 advisory. A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored i...
RHEL 8 : cyrus-imapd (RHSA-2021:3546)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3546 advisory. The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP,...
CentOS 8 : cyrus-imapd (CESA-2021:3492)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:3492 advisory. - cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 Note that Nessus has not tested for this issue but has instead relied on...
Important: Red Hat Security Advisory: cyrus-imapd security update
An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: Red Hat Security Advisory: cyrus-imapd security update
An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
RLSA-2021:3492 Important: cyrus-imapd security update
The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Security Fixes: cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 For more details...
cyrus-imapd security update
3.0.7-20.1 - Fix for CVE-2021-33582...
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.17-alt0.M80P.2
2.5.17-alt0.M80P.2 built Sept. 13, 2021 Sergey Y. Afonin in task 284610 Sept. 5, 2021 Sergey Y. Afonin - updated to latest cyrus-imapd-2.5 branch 6c804c1337cb; fixes: CVE-2021-33582...
Oracle Linux 8 : cyrus-imapd (ELSA-2021-3492)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3492 advisory. 3.0.7-20.1 - Fix for CVE-2021-33582 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
RHEL 8 : cyrus-imapd (RHSA-2021:3492)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3492 advisory. The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP,...
RHEL 8 : cyrus-imapd (RHSA-2021:3493)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3493 advisory. The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP,...
Security fix for the ALT Linux 9 package cyrus-imapd version 3.2.8-alt1
3.2.8-alt1 built Sept. 9, 2021 Sergey Y. Afonin in task 284606 Sept. 5, 2021 Sergey Y. Afonin - 3.2.8 fixes: CVE-2021-33582...
FreeBSD : cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction (3d915d96-0b1f-11ec-8d9f-080027415d17)
Cyrus IMAP 3.4.2 Release Notes states : Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a...