Vulnerability in Carnegie_mellon_university Cyrus_imap_server
CVE-2004-1067
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
EPSS: 0.052 (91.4th percentile) — read the EPSS interpretation.
Affected products
- Carnegie_mellon_university Cyrus_imap_server — versions 1.4, 1.5.19, 2.0.12
- Redhat Fedora_core — versions core_2.0, core_3.0
- Ubuntu Ubuntu_linux — versions 4.1
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)