CVE-2014-0037
Zarafa < 7.1.8 beta2 - Denial of Service via NULL Username in ValidateUserLogon
Title source: llmDescription
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1056767
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/01/31/14
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:044
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1059903
Scores
EPSS
0.0242
EPSS Percentile
82.2%
Details
CWE
CWE-20
Status
published
Products (50)
zarafa/zarafa
5.00
zarafa/zarafa
5.01
zarafa/zarafa
5.02
zarafa/zarafa
5.10
zarafa/zarafa
5.11
zarafa/zarafa
5.20
zarafa/zarafa
5.22
zarafa/zarafa
6.00
zarafa/zarafa
6.01
zarafa/zarafa
6.02
... and 40 more
Published
Apr 28, 2014
Tracked Since
Feb 18, 2026