Back to search
CVE-2021-33582
Published: Sep 1, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.cyrusimap.org/imap/download/release-notes/index.html
x_refsource_MISC
https://github.com/cyrusimap/cyrus-imapd/security/advisories
x_refsource_MISC
https://github.com/cyrusimap/cyrus-imapd/commits/master
x_refsource_MISC
FEDORA-2022-c30b1a8aa3
vendor-advisory
x_refsource_FEDORA
FEDORA-2022-d45bcc5447
vendor-advisory
x_refsource_FEDORA
[debian-lts-announce] 20220619 [SECURITY] [DLA 3052-1] cyrus-imapd security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now