"cyrusimap" — Vulnerability Search

3 vulnerabilities found for “cyrusimap”

CVE-2024-34055

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

cyrusimap / cyrus_imap+3

Network

Published Jun 5, 2024

CVE-2022-24407

HIGH8.8

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

cyrusimap / cyrus-sasl+11

Network

Published Feb 24, 2022

CVE-2019-19906

HIGH7.5

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

cyrusimap / cyrus-sasl+53

Network

Published Dec 19, 2019

Search Vulnerabilities