CVE-2021-32056: Medium severity cyrus sasl vulnerability
Published May 10, 2021
·Updated
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
Affected Software
4 affected components
Cyrus IMAP<3.2.7
Cyrus IMAP>=3.3.0<3.4.1
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Remediation
Event History
May 10, 2021
CVE Published
via MITRE·01:05 PM
Data Sourced
via MITRE·01:05 PM
Description
Frequently Asked Questions
1
What is the severity of CVE-2021-32056?
CVE-2021-32056 is categorized as a medium severity vulnerability.
2
How do I fix CVE-2021-32056?
To fix CVE-2021-32056, upgrade to Cyrus IMAP version 3.2.7 or 3.4.1 or later.
3
Who is affected by CVE-2021-32056?
CVE-2021-32056 affects Cyrus IMAP versions prior to 3.2.7, and versions 3.3.x and 3.4.x prior to 3.4.1.
4
What does CVE-2021-32056 allow an attacker to do?
CVE-2021-32056 allows remote authenticated users to bypass access restrictions, which can stall server replication.
5
Is CVE-2021-32056 specific to any operating system?
CVE-2021-32056 impacts the Cyrus IMAP Server on various platforms including Fedora versions 34 and 35.