Cyrus IMAP prior to 3.4.2 allows remote malicious users to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cyrus imap |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
debian debian linux 9.0 |