Arbitrary Code Execution

2020-04-1001:02:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.262 Low

EPSS

Percentile

96.8%

JSON

cyrus-imapd is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.

CPENameOperatorVersion
cyrus-imapdeq2.2.12__10.el4_8.4
cyrus-imapdeq2.2.12__10.el4_8.1
cyrus-imapdeq2.2.12__15.el4
cyrus-imapdeq2.3.7__2.el5
cyrus-imapdeq2.3.7__7.el5_6.4
cyrus-imapdeq2.3.7__2.el5_3.2
cyrus-imapdeq2.3.7__7.el5_4.3
cyrus-imapdeq2.3.7__1.1.el5
cyrus-imapdeq2.3.7__7.el5
cyrus-imapdeq2.2.12__10.el4_8.4

Name	Operator	Version
cyrus-imapd	eq	2.2.12__10.el4_8.4
cyrus-imapd	eq	2.2.12__10.el4_8.1
cyrus-imapd	eq	2.2.12__15.el4
cyrus-imapd	eq	2.3.7__2.el5
cyrus-imapd	eq	2.3.7__7.el5_6.4
cyrus-imapd	eq	2.3.7__2.el5_3.2
cyrus-imapd	eq	2.3.7__7.el5_4.3
cyrus-imapd	eq	2.3.7__1.1.el5
cyrus-imapd	eq	2.3.7__7.el5
cyrus-imapd	eq	2.2.12__10.el4_8.4