CVE-2014-0079
Zarafa < 6.20 - Denial of Service via NULL Password Handling
Title source: llmDescription
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:044
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1059903
Scores
EPSS
0.0181
EPSS Percentile
76.0%
Details
CWE
CWE-20
Status
published
Products (15)
zarafa/zarafa
5.00
zarafa/zarafa
5.01
zarafa/zarafa
5.02
zarafa/zarafa
5.10
zarafa/zarafa
5.11
zarafa/zarafa
5.20
zarafa/zarafa
5.22
zarafa/zarafa
6.00
zarafa/zarafa
6.01
zarafa/zarafa
6.02
... and 5 more
Published
Apr 28, 2014
Tracked Since
Feb 18, 2026