Cyrus Sasl Cyrusimap Cyrus Sasl

Do you want an email whenever new security vulnerabilities are reported in Cyrusimap Cyrus Sasl?

By the Year

In 2024 there have been 0 vulnerabilities in Cyrusimap Cyrus Sasl . Cyrus Sasl did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 8.80
2021 0 0.00
2020 0 0.00
2019 1 7.50
2018 0 0.00

It may take a day or so for new Cyrus Sasl vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cyrusimap Cyrus Sasl Security Vulnerabilities

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28

CVE-2022-24407 8.8 - High - February 24, 2022

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

SQL Injection

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP

CVE-2019-19906 7.5 - High - December 19, 2019

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Memory Corruption

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters

CVE-2002-1347 9.8 - Critical - December 18, 2002

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Incorrect Calculation of Buffer Size

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple Mac OSX or by Cyrusimap? Click the Watch button to subscribe.

Cyrusimap
Vendor

subscribe