Description
Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Timo Sirainen · textdoslinux
https://www.exploit-db.com/exploits/22061
References (8)
Core 8
Core References
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/740169
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6298
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10744
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/301864
Various Sources vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000557
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-215
Various Sources x_refsource_confirm
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
Scores
EPSS
0.4779
EPSS Percentile
97.7%
Details
Status
published
Products (6)
carnegie_mellon_university/cyrus_imap_server
1.4
carnegie_mellon_university/cyrus_imap_server
1.5.19
carnegie_mellon_university/cyrus_imap_server
2.0.12
carnegie_mellon_university/cyrus_imap_server
2.0.16
carnegie_mellon_university/cyrus_imap_server
2.1.9
carnegie_mellon_university/cyrus_imap_server
2.1.10
Published
Jun 14, 2004
Tracked Since
Feb 18, 2026