Unbounded Memory Allocation Vulnerability in Cyrus IMAP
CVE-2024-34055

6.5MEDIUM

Key Information:

Vendor: Cyrus IMAP
Status: Cyrus Imap
Vendor: CVE Published:; 5 June 2024

What is CVE-2024-34055?

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

References

https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e831...

https://www.cyrusimap.org/imap/download/release-notes/3.8...

https://www.cyrusimap.org/dev/imap/download/release-notes...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2024