Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in cached header handling, (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Imapd | Cyrus | 2.2.10 | 2.2.10 |
Imapd | Cyrus | 2.1.16 | 2.1.16 |
Imapd | Cyrus | 2.0.17 | 2.0.17 |
Imapd | Cyrus | 2.1.17 | 2.1.17 |
Imapd | Cyrus | 2.1.18 | 2.1.18 |