34 matches found
OESA-2023-1262 libxml2 security update
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CLSA-2022-1654107183 Fixed CVE-2021-33582 in cyrus-imapd
CVE-2021-33582: Fix a bad string hashing algorithm which could lead to collisions and cause a CPU denial of service...
Fixed CVE-2021-33582 in cyrus-imapd
CVE-2021-33582: Fix a bad string hashing algorithm which could lead to collisions and cause a CPU denial of service...
cyrus-imapd: Denial of service via string hashing algorithm collisions
A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to...
CentOS 8 : cyrus-imapd (CESA-2021:3492)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:3492 advisory. - cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 Note that Nessus has not tested for this issue but has instead relied on...
Important: Red Hat Security Advisory: cyrus-imapd security update
An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
cyrus-imapd: Denial of service via string hashing algorithm collisions
A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to...
Important: Red Hat Security Advisory: cyrus-imapd security update
An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
cyrus-imapd: Denial of service via string hashing algorithm collisions
A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to...
Important: cyrus-imapd security update
The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Security Fixes: cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 For more details...
RLSA-2021:3492 Important: cyrus-imapd security update
The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Security Fixes: cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 For more details...
cyrus-imapd security update
An update is available for cyrus-imapd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Cyrus IMAP server provides access to personal mail, system-wide...
FreeBSD : cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction (3d915d96-0b1f-11ec-8d9f-080027415d17)
Cyrus IMAP 3.4.2 Release Notes states : Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a...
Core: Hash Collision Denial of Service
It was found that string comparisons in .NET Core did not use a secure hashing algorithm. This could allow an attacker to predict string hashes and cause a denial of service by intentionally creating collisions thus forcing long look up times...