CVE-2024-34055
published 2024-06-05
medium 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | james_server | < 3.7.6 | 3.7.6 |
| apache | james_server | >= 3.8.0 < 3.8.2 | 3.8.2 |
| apache_software_foundation | apache_james_server | <= 3.7.5 | — |
| apache_software_foundation | apache_james_server | 3.8.0 – 3.8.1 | — |
| cyrusimap | cyrus_imap | < 3.8.3 | 3.8.3 |
| cyrusimap | cyrus_imap | — | — |
| debian | cyrus-imapd | < cyrus-imapd 3.6.1-4+deb12u2 (bookworm) | cyrus-imapd 3.6.1-4+deb12u2 (bookworm) |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa 6.5 MEDIUM
osv 9.8 CRITICAL