CVE-2002-1347 — Incorrect Calculation of Buffer Size in Cyrus-imapd

CWE-131 — Incorrect Calculation of Buffer Size11 documents7 sources

Severity

9.8CRITICALNVD

NVD7.5

EPSS

10.0%

top 6.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server Debian Cyrus-imapd +3 more

Timeline

PublishedDec 18

Latest updateApr 30

Description

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶debiandebian/cyrus-sasl2< cyrus-sasl2 2.1.10-1 (bookworm)

▶NVDcyrusimap/cyrus_sasl2.1.9

▶debiandebian/cyrus-imapd< cyrus-imapd 1.5.19-9.10 (bookworm)

▶NVDcarnegie_mellon_university/cyrus_imap_server6 versions+5

▶NVDapple/mac_os_x< 10.3.8

Patches

Patch: marc.info ↗Patch: marc.info ↗

🔴Vulnerability Details

GHSA

GHSA-5xcv-v8fh-pcrc: Integer overflow in imapparse↗2022-04-30

▶

GHSA

GHSA-hmpx-mhc7-wxwr: Multiple buffer overflows in Cyrus SASL library 2↗2022-04-30

▶

OSV

CVE-2002-1580: Integer overflow in imapparse↗2004-06-14

▶

OSV

CVE-2002-1347: Multiple buffer overflows in Cyrus SASL library 2↗2002-12-18

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-12-09

▶

Debian

CVE-2002-1580: cyrus-imapd - Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remo...↗2002

▶

Debian

CVE-2002-1347: cyrus-sasl2 - Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote a...↗2002

▶

📐Framework References

CWE

Incorrect Calculation of Buffer Size↗

▶

💬Community

Bugzilla

CVE-2002-1347 security flaw↗2018-08-16

▶