Test Kennung:	1.3.6.1.4.1.25623.1.0.146616
Kategorie:	Denial of Service
Titel:	Cyrus IMAP < 3.0.16, 3.2.x < 3.2.8, 3.4.x < 3.4.2 DoS Vulnerability
Zusammenfassung:	Cyrus IMAP is prone to a denial of service (DoS) vulnerability.
Beschreibung:	Summary: Cyrus IMAP is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a single bucket. Each subsequent insertion to the same bucket requires a strcmp of every other entry in it. At tens of thousands of entries, each new insertion could keep the CPU busy in a strcmp loop for minutes. Affected Software/OS: Cyrus IMAP prior to version 3.0.16, version 3.2.x through 3.2.7 and 3.4.x through 3.4.1. Solution: Update to version 3.0.16, 3.2.8, 3.4.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-33582 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/ https://github.com/cyrusimap/cyrus-imapd/commits/master https://github.com/cyrusimap/cyrus-imapd/security/advisories https://www.cyrusimap.org/imap/download/release-notes/index.html https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.