CVE-2017-12843Improper Input Validation in Cyrus Imap

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 54.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cyrusimap Cyrus ImapFedoraproject Fedora
Timeline
PublishedAug 22
Latest updateMay 17

Description

Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

Also affects: Fedora 26

🔴Vulnerability Details

2
GHSA
GHSA-7gjp-mccf-jrm5: Cyrus IMAP before 32022-05-17
CVEList
CVE-2017-12843: Cyrus IMAP before 32017-08-22

📋Vendor Advisories

1
Debian
CVE-2017-12843: cyrus-imapd - Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary ...2017
CVE-2017-12843 — Improper Input Validation | cvebase