CVE-2002-1580
published 2004-06-14

Priority: P343, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 16.52% (96.6th percentile)

Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| debian | cyrus-imapd | < cyrus-imapd 1.5.19-9.10 (bookworm) | cyrus-imapd 1.5.19-9.10 (bookworm) |

CVSS provenance

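| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |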