DSA-2377-1 cyrus-imapd-2.2 -- NULL pointer dereferenceID: oval:org.secpod.oval:def:600696 | Date: (C)2012-01-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that cyrus-imapd, a highly scalable mail system designed for use in enterprise environments, is not properly parsing mail headers when a client makes use of the IMAP threading feature. As a result, a NULL pointer is dereferenced which crashes the daemon. An attacker can trigger this by sending a mail containing crafted reference headers and access the mail with a client that uses the server threading feature of IMAP.
Platform: |
Debian 5.0 |
Debian 6.0 |