cbcvebase.
CVE-2004-1012
published 2005-01-10

CVE-2004-1012: The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain…

PriorityP338critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.95%
92.4th percentile
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

Affected

23 ranges
VendorProductVersion rangeFixed in
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
carnegie_mellon_universitycyrus_imap_server
conectivalinux
conectivalinux
debiancyrus-imapd< cyrus-imapd 1.5.19-20 (bookworm)cyrus-imapd 1.5.19-20 (bookworm)
openpkgopenpkg
redhatfedora_core
redhatfedora_core
trustixsecure_linux
trustixsecure_linux
trustixsecure_linux
ubuntuubuntu_linux

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.