CVE-2021-33582

Published: Sep 1, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

Affected (6)

Products: Cyrus: Imap · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cyrus Imap	Before 3.0.16
Cyrus Imap	From 3.2.0 to 3.2.8
Cyrus Imap	From 3.4.0 to 3.4.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References (14)

https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/cyrusimap/cyrus-imapd/commits/master

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/cyrusimap/cyrus-imapd/security/advisories

Source: cve@mitre.org

Not ApplicableThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/

Source: cve@mitre.org

https://www.cyrusimap.org/imap/download/release-notes/index.html

Source: cve@mitre.org

PatchRelease NotesVendor Advisory

https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/cyrusimap/cyrus-imapd/commits/master

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/cyrusimap/cyrus-imapd/security/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.cyrusimap.org/imap/download/release-notes/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesVendor Advisory

Timeline

No history available yet.