Cyrusimap Cyrus Sasl
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Cyrusimap Cyrus Sasl.
By the Year
In 2025 there have been 0 vulnerabilities in Cyrusimap Cyrus Sasl. Cyrus Sasl did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 8.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Cyrus Sasl vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cyrusimap Cyrus Sasl Security Vulnerabilities
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28
CVE-2022-24407
8.8 - High
- February 24, 2022
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
SQL Injection
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP
CVE-2019-19906
7.5 - High
- December 19, 2019
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Memory Corruption
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters
CVE-2002-1347
9.8 - Critical
- December 18, 2002
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Incorrect Calculation of Buffer Size
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple macOS or by Cyrusimap? Click the Watch button to subscribe.
