Back to search
CVE-2009-3235
Published: Sep 17, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
36377
vdb-entry
x_refsource_BID
cmu-sieve-dovecot-unspecified-bo(53248)
vdb-entry
x_refsource_XF
36713
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2009:018
vendor-advisory
x_refsource_SUSE
[Dovecot-news] 20090914 Security holes in CMU Sieve plugin
mailing-list
x_refsource_MLIST
USN-838-1
vendor-advisory
x_refsource_UBUNTU
58103
vdb-entry
x_refsource_OSVDB
oval:org.mitre.oval:def:10515
vdb-entry
signature
x_refsource_OVAL
ADV-2009-3184
vdb-entry
x_refsource_VUPEN
SUSE-SR:2009:016
vendor-advisory
x_refsource_SUSE
36904
third-party-advisory
x_refsource_SECUNIA
36698
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2641
vdb-entry
x_refsource_VUPEN
APPLE-SA-2009-11-09-1
vendor-advisory
x_refsource_APPLE
FEDORA-2009-9559
vendor-advisory
x_refsource_FEDORA
[oss-security] 20090914 Re: CVE for recent cyrus-imap issue
mailing-list
x_refsource_MLIST
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now