CVE-2011-3481 — NULL Pointer Dereference in Cyrus Imap Server

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 21.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CMU Cyrus Imap Server

Timeline

PublishedSep 14

Latest updateMay 14

Description

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcmu/cyrus_imap_server2.4.10+39

Patches

Patch: git.cyrusimap.org ↗Patch: git.cyrusimap.org ↗

🔴Vulnerability Details

GHSA

GHSA-6h43-3p3w-2945: The index_get_ids function in index↗2022-05-14

▶

📋Vendor Advisories

Red Hat

cyrus-imapd: NULL pointer dereference via crafted References header in email↗2005-12-17

▶

💬Community

Bugzilla

CVE-2011-3481 cyrus-imapd: NULL pointer dereference via crafted References header in email↗2011-09-14

▶