CVE-2024-34055
First published: Wed Jun 05 2024(Updated: )
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cyrusimap Cyrus Imap | <3.8.3 | |
| Cyrusimap Cyrus Imap | =3.10.0-alpha0 | |
| Cyrusimap Cyrus Imap | =3.10.0-beta1 | |
| Cyrusimap Cyrus Imap | =3.10.0-beta2 | |
| redhat/cyrus imap | <3.8.3 | 3.8.3 |
| redhat/cyrus imap | <3.10.0 | 3.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJZQAE3XC2GBCE5KSTWJ5A6QYANFWGFB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVZHUZDU4MGTTZJRNACTMSKXLNMMRLJ6/
- https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html
- https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2290512
- https://access.redhat.com/errata/RHSA-2024:9195
- https://bugzilla.redhat.com/show_bug.cgi?id=2290510
- agent/description
- agent/type
- agent/author
- agent/severity
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/event
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-34055
- vendor/cyrusimap
- canonical/cyrusimap cyrus imap
- version/cyrusimap cyrus imap/3.10.0-alpha0
- version/cyrusimap cyrus imap/3.10.0-beta1
- version/cyrusimap cyrus imap/3.10.0-beta2
- package-manager/redhat