Cyrus Sasl Cyrusimap Cyrus Sasl

Do you want an email whenever new security vulnerabilities are reported in Cyrusimap Cyrus Sasl?

By the Year

In 2022 there have been 1 vulnerability in Cyrusimap Cyrus Sasl with an average score of 8.8 out of ten. Cyrus Sasl did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 1 8.80
2021 0 0.00
2020 0 0.00
2019 1 7.50
2018 0 0.00

It may take a day or so for new Cyrus Sasl vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cyrusimap Cyrus Sasl Security Vulnerabilities

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28

CVE-2022-24407 8.8 - High - February 24, 2022

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

SQL Injection

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP

CVE-2019-19906 7.5 - High - December 19, 2019

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple iOS or by Cyrusimap? Click the Watch button to subscribe.

Cyrusimap
Vendor

subscribe