Moderate

CVE-2011-3481 - Unspecified vulnerability in CMU Cyrus Imap Server

Publication: 2011-09-14
Summary

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

Risk level (CVSS 4.3)

Moderate

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • CMU Cyrus Imap Server 2.0.17
  • CMU Cyrus Imap Server 2.1.16
  • CMU Cyrus Imap Server 2.1.17
  • CMU Cyrus Imap Server 2.1.18
  • CMU Cyrus Imap Server 2.2.8
  • CMU Cyrus Imap Server 2.2.9
  • CMU Cyrus Imap Server 2.2.10
  • CMU Cyrus Imap Server 2.2.11
  • CMU Cyrus Imap Server 2.2.12
  • CMU Cyrus Imap Server 2.2.13
  • CMU Cyrus Imap Server 2.3.0
  • CMU Cyrus Imap Server 2.3.1
  • CMU Cyrus Imap Server 2.3.2
  • CMU Cyrus Imap Server 2.3.3
  • CMU Cyrus Imap Server 2.3.4
  • CMU Cyrus Imap Server 2.3.5
  • CMU Cyrus Imap Server 2.3.6
  • CMU Cyrus Imap Server 2.3.7
  • CMU Cyrus Imap Server 2.3.8
  • CMU Cyrus Imap Server 2.3.9
  • CMU Cyrus Imap Server 2.2.13p1
  • CMU Cyrus Imap Server 2.3.10
  • CMU Cyrus Imap Server 2.3.11
  • CMU Cyrus Imap Server 2.3.12
  • CMU Cyrus Imap Server 2.3.13
  • CMU Cyrus Imap Server 2.3.14
  • CMU Cyrus Imap Server 2.3.15
  • CMU Cyrus Imap Server 2.3.16
  • CMU Cyrus Imap Server 2.3.17
  • CMU Cyrus Imap Server 2.4.0
  • CMU Cyrus Imap Server 2.4.1
  • CMU Cyrus Imap Server 2.4.2
  • CMU Cyrus Imap Server 2.4.3
  • CMU Cyrus Imap Server 2.4.4
  • CMU Cyrus Imap Server 2.4.5
  • CMU Cyrus Imap Server 2.4.6
  • CMU Cyrus Imap Server 2.4.7
  • CMU Cyrus Imap Server 2.4.8
  • CMU Cyrus Imap Server 2.4.9
  • CMU Cyrus Imap Server 2.4.10