CVE-2024-34055: Medium severity cyrus sasl vulnerability
Published Jun 5, 2024
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
Affected Software
7 affected components (fixes available where shown)
redhat/cyrus imap <3.8.3 (fix: 3.8.3)
redhat/cyrus imap <3.10.0 (fix: 3.10.0)
debian/cyrus-imapd <=3.2.6-2+deb11u2, <=3.2.6-2+deb11u4 (fixes: 3.6.1-4+deb12u3, 3.6.1-4+deb12u2, 3.10.1-1)
cyrusimap Cyrus IMAP <3.8.3
cyrusimap Cyrus IMAP =3.10.0-alpha0
cyrusimap Cyrus IMAP =3.10.0-beta1
cyrusimap Cyrus IMAP =3.10.0-beta2
Remediation
Event History
Jun 5, 2024: CVE Published (via MITRE, 12:00 AM)
Jun 5, 2024: Data Sourced (via MITRE, 12:00 AM): Description
Jan 23, 2025: Data Sourced (via Launchpad, 06:43 PM): Description
Jan 27, 2025: Data Sourced (via Ubuntu, 06:42 PM): Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-34055?
CVE-2024-34055 has a high severity rating due to the potential for unbounded memory allocation leading to denial of service.
2. How do I fix CVE-2024-34055?
To fix CVE-2024-34055, upgrade to Cyrus IMAP version 3.8.3 or 3.10.0-rc1 or later.
3. What impact does CVE-2024-34055 have on my system?
CVE-2024-34055 allows authenticated attackers to exhaust system memory, potentially causing service disruptions.
4. What versions of Cyrus IMAP are affected by CVE-2024-34055?
CVE-2024-34055 affects Cyrus IMAP versions before 3.8.3 and 3.10.x before 3.10.0-rc1.
5. Who is vulnerable to CVE-2024-34055?
Authenticated users of Cyrus IMAP versions before 3.8.3 and 3.10.x before 3.10.0-rc1 are vulnerable to CVE-2024-34055.