Cyrus Sasl

cyrus_sasl

Vendor: Cyrusimap • 3 CVEs

CVEs (3)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS
Vendors (5): Cyrusimap, Debian, Fedoraproject, +2 more
Products (8): Active Iq Unified Manager, Communications Cloud Native Core Console, Communications Cloud Native Core Network Function Cloud Native Environment, +5 more
Updated: Nov 21, 2024
Published: Feb 24, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Vendors (7): Apache, Apple, Canonical, +4 more
Products (19): Bookkeeper, Cyrus Sasl, Debian Linux, +16 more
Updated: Nov 21, 2024
Published: Dec 19, 2019
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Vendors (2): Apple, Cyrusimap
Products (3): Cyrus Sasl, Mac Os X, Mac Os X Server
Updated: Apr 16, 2026
Published: Dec 18, 2002
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.