CVE-2014-0037

Zarafa < 7.1.8 beta2 - Denial of Service via NULL Username in ValidateUserLogon

Title source: llm
STIX 2.1

Description

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."

References (4)

Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1056767
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/01/31/14
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:044
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1059903

Scores

EPSS 0.0242
EPSS Percentile 82.2%

Details

CWE
CWE-20
Status published
Products (50)
zarafa/zarafa 5.00
zarafa/zarafa 5.01
zarafa/zarafa 5.02
zarafa/zarafa 5.10
zarafa/zarafa 5.11
zarafa/zarafa 5.20
zarafa/zarafa 5.22
zarafa/zarafa 6.00
zarafa/zarafa 6.01
zarafa/zarafa 6.02
... and 40 more
Published Apr 28, 2014
Tracked Since Feb 18, 2026