CVE-2024-34055

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34055
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34055.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-34055
Downstream
Related
Published
2024-06-05T05:15:49Z
Modified
2025-10-17T02:42:46.686807Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

References

Affected packages

Git / github.com/cyrusimap/cyrus-imapd

Affected ranges

Type
GIT
Repo
https://github.com/cyrusimap/cyrus-imapd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ef9e4e8314d6a06f2269af0ccf606894cc3fe489

Affected versions

Other

cass-posttab
cass-pretab
posttab
pretab

cyrus-imapd-2.*

cyrus-imapd-2.4.0
cyrus-imapd-2.4.1
cyrus-imapd-2.4.2
cyrus-imapd-2.5-snapshot-autoconf-and-automake

cyrus-imapd-3.*

cyrus-imapd-3.0.0-beta1
cyrus-imapd-3.0.0-beta2
cyrus-imapd-3.0.0-beta3
cyrus-imapd-3.0.0-beta4
cyrus-imapd-3.0.0-beta5
cyrus-imapd-3.0.0-beta6
cyrus-imapd-3.0.0-rc1
cyrus-imapd-3.0.0-rc2
cyrus-imapd-3.0.0-rc3
cyrus-imapd-3.0.0-rc4
cyrus-imapd-3.1.0-dev
cyrus-imapd-3.1.1
cyrus-imapd-3.1.2
cyrus-imapd-3.1.3
cyrus-imapd-3.1.4
cyrus-imapd-3.1.5
cyrus-imapd-3.1.6
cyrus-imapd-3.1.7
cyrus-imapd-3.1.8
cyrus-imapd-3.1.9
cyrus-imapd-3.11.0-alpha0
cyrus-imapd-3.3.0
cyrus-imapd-3.3.0-dev0
cyrus-imapd-3.3.1
cyrus-imapd-3.5.0-alpha0
cyrus-imapd-3.7.0-alpha0
cyrus-imapd-3.9.0-alpha0