Published: 01/09/2021 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Cyrus IMAP prior to 3.4.2 allows remote malicious users to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cyrus imap
fedoraproject fedora 34
fedoraproject fedora 35
debian debian linux 9.0

Debian Bug report logs - #993433 cyrus-imapd: CVE-2021-33582 Package: src:cyrus-imapd; Maintainer for src:cyrus-imapd is Debian Cyrus Team <team+cyrus@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 1 Sep 2021 09:06:01 UTC Severity: important Tags: security, upstream Found in v ...

A flaw was found in cyrus-imapd A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket The highest threat from this vulnerability is to system availability (CVE-2021-33582) ...

CWE-407 https://www.cyrusimap.org/imap/download/release-notes/index.html https://github.com/cyrusimap/cyrus-imapd/commits/master https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released https://github.com/cyrusimap/cyrus-imapd/security/advisories https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993433 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2021-1725.html

CVE-2021-33582

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect