10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.104 Low
EPSS
Percentile
95.0%
When the option imapmagicplus is activated on a server the
PROXY and LOGIN commands suffer a standard stack overflow,
because the username is not checked against a maximum length
when it is copied into a temporary stack buffer. This bug is
especially dangerous because it can be triggered before any
kind of authentification took place.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | cyrus-imapd | = 2.2.4 | UNKNOWN |
FreeBSD | any | noarch | cyrus-imapd | <= 2.2.8 | UNKNOWN |