CVE-2011-3208 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cyrus Imap Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

7.5HIGHNVD

EPSS

9.8%

top 7.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CMU Cyrus Imap Server

Timeline

PublishedSep 14

Latest updateMay 14

Description

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcmu/cyrus_imap_server2.3.16+39

Patches

Patch: git.cyrusimap.org ↗Patch: git.cyrusimap.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-46rx-vcfq-hxc2: Stack-based buffer overflow in the split_wildmats function in nntpd↗2022-05-14

▶

📋Vendor Advisories

Red Hat

cyrus-imapd: nntpd buffer overflow in split_wildmats()↗2011-09-08

▶

💬Community

Bugzilla

CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats() [fedora-all]↗2011-09-08

▶

Bugzilla

CVE-2011-3208 cyrus-imapd: nntpd buffer overflow in split_wildmats()↗2011-08-31

▶