CVE-2002-1580
Published 2004-06-14
CVE-2002-1580: Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that…
Priority P3 · 43 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 16.52% (96.6th percentile)
Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| carnegie_mellon_university | cyrus_imap_server | — | — |
| debian | cyrus-imapd | < cyrus-imapd 1.5.19-9.10 (bookworm) | cyrus-imapd 1.5.19-9.10 (bookworm) |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 9.8 CRITICAL
vendor_debian · 9.8 CRITICAL
GHSA
GHSA-5xcv-v8fh-pcrc: Integer overflow in imapparse
ghsa_unreviewed·2022-04-30·CVSS 9.8
CVE-2002-1580 [CRITICAL] GHSA-5xcv-v8fh-pcrc: Integer overflow in imapparse
OSV
CVE-2002-1580: Integer overflow in imapparse
osv·2004-06-14·CVSS 9.8
CVE-2002-1580 [CRITICAL] CVE-2002-1580: Integer overflow in imapparse
Debian
CVE-2002-1580: cyrus-imapd - Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remo...
vendor_debian·2002·CVSS 9.8
CVE-2002-1580 [CRITICAL] CVE-2002-1580: cyrus-imapd - Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remo...
Scope: local
bookworm: resolved (fixed in 1.5.19-9.10)
bullseye: resolved (fixed in 1.5.19-9.10)
forky: resolved (fixed in 1.5.19-9.10)
sid: resolved (fixed in 1.5.19-9.10)
trixie: resolved (fixed in 1.5.19-9.10)
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
http://www.debian.org/security/2002/dsa-215
http://www.kb.cert.org/vuls/id/740169
http://www.securityfocus.com/archive/1/301864
http://www.securityfocus.com/bid/6298
https://exchange.xforce.ibmcloud.com/vulnerabilities/10744
Published: 2004-06-14