Lucene search

K

[email protected]NVD:CVE-2011-3481

HistorySep 14, 2011 - 5:17 p.m.

CVE-2011-3481

2011-09-1417:17:07

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

Affected configurations

NVD

Node

cmucyrus_imap_serverRange≤2.4.10

OR

cmucyrus_imap_serverMatch2.0.17

OR

cmucyrus_imap_serverMatch2.1.16

OR

cmucyrus_imap_serverMatch2.1.17

OR

cmucyrus_imap_serverMatch2.1.18

OR

cmucyrus_imap_serverMatch2.2.8

OR

cmucyrus_imap_serverMatch2.2.9

OR

cmucyrus_imap_serverMatch2.2.10

OR

cmucyrus_imap_serverMatch2.2.11

OR

cmucyrus_imap_serverMatch2.2.12

OR

cmucyrus_imap_serverMatch2.2.13

OR

cmucyrus_imap_serverMatch2.2.13p1

OR

cmucyrus_imap_serverMatch2.3.0

OR

cmucyrus_imap_serverMatch2.3.1

OR

cmucyrus_imap_serverMatch2.3.2

OR

cmucyrus_imap_serverMatch2.3.3

OR

cmucyrus_imap_serverMatch2.3.4

OR

cmucyrus_imap_serverMatch2.3.5

OR

cmucyrus_imap_serverMatch2.3.6

OR

cmucyrus_imap_serverMatch2.3.7

OR

cmucyrus_imap_serverMatch2.3.8

OR

cmucyrus_imap_serverMatch2.3.9

OR

cmucyrus_imap_serverMatch2.3.10

OR

cmucyrus_imap_serverMatch2.3.11

OR

cmucyrus_imap_serverMatch2.3.12

OR

cmucyrus_imap_serverMatch2.3.13

OR

cmucyrus_imap_serverMatch2.3.14

OR

cmucyrus_imap_serverMatch2.3.15

OR

cmucyrus_imap_serverMatch2.3.16

OR

cmucyrus_imap_serverMatch2.3.17

OR

cmucyrus_imap_serverMatch2.4.0

OR

cmucyrus_imap_serverMatch2.4.1

OR

cmucyrus_imap_serverMatch2.4.2

OR

cmucyrus_imap_serverMatch2.4.3

OR

cmucyrus_imap_serverMatch2.4.4

OR

cmucyrus_imap_serverMatch2.4.5

OR

cmucyrus_imap_serverMatch2.4.6

OR

cmucyrus_imap_serverMatch2.4.7

OR

cmucyrus_imap_serverMatch2.4.8

OR

cmucyrus_imap_serverMatch2.4.9

References

bugzilla.cyrusimap.org/show_bug.cgi?id=2772

bugzilla.cyrusimap.org/show_bug.cgi?id=3463

git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5

www.mandriva.com/security/advisories?name=MDVSA-2012:037

www.redhat.com/support/errata/RHSA-2011-1508.html

exchange.xforce.ibmcloud.com/vulnerabilities/69842

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

Related for NVD:CVE-2011-3481

cve1 ubuntucve1 nessus13 securityvulns1 prion1 cvelist1 openvas18 veracode1 osv1 debian1 centos1 redhat1 oraclelinux1 amazon1 gentoo1