CVE-2019-11356

Published: 03 June 2019

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
cyrus-imapd
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.8-6)
Ubuntu 20.10 (Groovy Gorilla) Pending
(3.0.8-6)
Ubuntu 20.04 LTS (Focal Fossa) Pending
(3.0.8-6)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.5.10-3ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist