Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in cached header handling, (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Imapd | Cyrus | 2.0.17 (including) | 2.0.17 (including) |
| Imapd | Cyrus | 2.1.16 (including) | 2.1.16 (including) |
| Imapd | Cyrus | 2.1.17 (including) | 2.1.17 (including) |
| Imapd | Cyrus | 2.1.18 (including) | 2.1.18 (including) |
| Imapd | Cyrus | 2.2.10 (including) | 2.2.10 (including) |
| Red Hat Enterprise Linux 4 | RedHat | cyrus-imapd-0:2.2.12-3.RHEL4.1 | * |
| Cyrus21-imapd | Ubuntu | dapper | * |
| Cyrus21-imapd | Ubuntu | edgy | * |
| Cyrus21-imapd | Ubuntu | feisty | * |