Your submission was sent successfully! Close

CVE-2019-11356

Published: 03 June 2019

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
cyrus-imapd
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.8-6)
Ubuntu 20.04 LTS (Focal Fossa)
Released (3.0.8-6)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.5.10-3ubuntu1.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist