Lucene search

[email protected]CVE-2011-3208

HistorySep 14, 2011 - 5:17 p.m.

CVE-2011-3208

2011-09-1417:17:07

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-3208

stack-based buffer overflow

nntpd.c

cyrus imap server

nvd

security vulnerability

remote code execution

nntp command

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.262 Low

EPSS

Percentile

96.8%

JSON

Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

Affected configurations

NVD

Node

cmucyrus_imap_serverRange≤2.3.16

cmucyrus_imap_serverMatch2.0.17

cmucyrus_imap_serverMatch2.1.16

cmucyrus_imap_serverMatch2.1.17

cmucyrus_imap_serverMatch2.1.18

cmucyrus_imap_serverMatch2.2.8

cmucyrus_imap_serverMatch2.2.9

cmucyrus_imap_serverMatch2.2.10

cmucyrus_imap_serverMatch2.2.11

cmucyrus_imap_serverMatch2.2.12

cmucyrus_imap_serverMatch2.2.13

cmucyrus_imap_serverMatch2.2.13p1

cmucyrus_imap_serverMatch2.2.14

cmucyrus_imap_serverMatch2.3.0

cmucyrus_imap_serverMatch2.3.1

cmucyrus_imap_serverMatch2.3.2

cmucyrus_imap_serverMatch2.3.3

cmucyrus_imap_serverMatch2.3.4

cmucyrus_imap_serverMatch2.3.5

cmucyrus_imap_serverMatch2.3.6

cmucyrus_imap_serverMatch2.3.7

cmucyrus_imap_serverMatch2.3.8

cmucyrus_imap_serverMatch2.3.9

cmucyrus_imap_serverMatch2.3.10

cmucyrus_imap_serverMatch2.3.11

cmucyrus_imap_serverMatch2.3.12

cmucyrus_imap_serverMatch2.3.13

cmucyrus_imap_serverMatch2.3.14

cmucyrus_imap_serverMatch2.3.15

Node

cmucyrus_imap_serverMatch2.4.0

cmucyrus_imap_serverMatch2.4.1

cmucyrus_imap_serverMatch2.4.2

cmucyrus_imap_serverMatch2.4.3

cmucyrus_imap_serverMatch2.4.4

cmucyrus_imap_serverMatch2.4.5

cmucyrus_imap_serverMatch2.4.6

cmucyrus_imap_serverMatch2.4.7

cmucyrus_imap_serverMatch2.4.8

cmucyrus_imap_serverMatch2.4.9

cmucyrus_imap_serverMatch2.4.10

CPENameOperatorVersion
cmu:cyrus_imap_servercmu cyrus imap serverle2.3.16
cmu:cyrus_imap_servercmu cyrus imap servereq2.0.17
cmu:cyrus_imap_servercmu cyrus imap servereq2.1.16
cmu:cyrus_imap_servercmu cyrus imap servereq2.1.17
cmu:cyrus_imap_servercmu cyrus imap servereq2.1.18
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.8
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.9
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.10
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.11
cmu:cyrus_imap_servercmu cyrus imap servereq2.2.12

CPE	Name	Operator	Version
cmu:cyrus_imap_server	cmu cyrus imap server	le	2.3.16
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.0.17
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.1.16
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.1.17
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.1.18
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.8
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.9
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.10
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.11
cmu:cyrus_imap_server	cmu cyrus imap server	eq	2.2.12