CVE-2014-0079

Published: Apr 28, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."

Affected (15)

Products: Zarafa: Zarafa

Zarafa

1 product

Zarafa

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Zarafa Zarafa	Up to 6.20
Zarafa Zarafa	Version 5.00
Zarafa Zarafa	Version 5.01
Zarafa Zarafa	Version 5.02
Zarafa Zarafa	Version 5.10
Zarafa Zarafa	Version 5.11
Zarafa Zarafa	Version 5.20
Zarafa Zarafa	Version 5.22
Zarafa Zarafa	Version 6.00
Zarafa Zarafa	Version 6.01
Zarafa Zarafa	Version 6.02
Zarafa Zarafa	Version 6.03
Zarafa Zarafa	Version 6.10
Zarafa Zarafa	Version 6.11
Zarafa Zarafa	Version 7.1.8

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.mandriva.com/security/advisories?name=MDVSA-2014:044

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1059903

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2014:044

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1059903

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.