Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1580

6 documents6 sources

Severity

7.5HIGH

EPSS

47.8%

top 2.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Carnegie Mellon University Cyrus Imap Server

Timeline

PublishedJun 14

Latest updateApr 30

Description

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDcarnegie_mellon_university/cyrus_imap_server6 versions+5

▶Debiancyrus-imapd< 1.5.19-9.10+3

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xcv-v8fh-pcrc: Integer overflow in imapparse↗2022-04-30

▶

OSV

CVE-2002-1580: Integer overflow in imapparse↗2004-06-14

▶

CVEList

CVE-2002-1580: Integer overflow in imapparse↗2004-05-20

▶

💥Exploits & PoCs

Exploit-DB

Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 - Pre-Login Heap Corruption↗2002-12-02

▶

📋Vendor Advisories

Debian

CVE-2002-1580: cyrus-imapd - Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remo...↗2002

▶