CVE-2021-33582
Published: 1 September 2021
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
cyrus-imapd Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Needs triage
|
|
| jammy |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(out of standard support)
|
|
|
cyrus-imapd-2.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(out of standard support)
|