cyrusimap/cyrus-imapd

cyrusimap/cyrus-imapd

Releases336

Frequency1 month 1 day

Last Release 18 days ago

Stars632

Cyrus IMAP is an email, contacts and calendar server

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-34055 ↗	Jun 5, 2024Wednesday, 5 June 2024, 05:15	6.5 MEDIUM	—
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
CVE-2021-33582 ↗	Sep 1, 2021Wednesday, 1 September 2021, 06:15	7.5 HIGH	5 MEDIUM
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
CVE-2017-14230 ↗	Sep 10, 2017Sunday, 10 September 2017, 07:29	—	6.4 MEDIUM
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
CVE-2017-12843 ↗	Aug 22, 2017Tuesday, 22 August 2017, 14:29	—	4 MEDIUM
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.