CVE-2014-0079

Zarafa < 6.20 - Denial of Service via NULL Password Handling

Title source: llm
STIX 2.1

Description

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:044
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1059903

Scores

EPSS 0.0181
EPSS Percentile 76.0%

Details

CWE
CWE-20
Status published
Products (15)
zarafa/zarafa 5.00
zarafa/zarafa 5.01
zarafa/zarafa 5.02
zarafa/zarafa 5.10
zarafa/zarafa 5.11
zarafa/zarafa 5.20
zarafa/zarafa 5.22
zarafa/zarafa 6.00
zarafa/zarafa 6.01
zarafa/zarafa 6.02
... and 5 more
Published Apr 28, 2014
Tracked Since Feb 18, 2026