Vulnerability Description
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
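The description above says only that attacker-supplied strings reaching sasl_encode64 overflow a buffer; it does not give the exact fault. The following is an added illustration written for this page, not Cyrus SASL source code, of the sizing hazard that a base64 encoder with the sasl_encode64 calling convention (input pointer and length, caller-supplied output buffer and its capacity, optional output-length pointer) must guard against: the encoded length of inlen bytes is (inlen + 2) / 3 * 4, and a caller who allocates exactly that much leaves no room for the NUL terminator, so a later strlen() or string copy on the result runs past the buffer. The names safe_encode64, encode64_required_size, encodes_to and demo_sizing are this example's own; the assumption that the caller relies on a NUL-terminated result is stated here and in the comments, and the sample inputs are constructed.

```c
/* Added illustration for CVE-2009-0688, not Cyrus SASL code: a base64
 * encoder with the same calling convention as sasl_encode64() that refuses
 * any output buffer too small to hold the digits plus a NUL terminator.
 * Assumption (not taken from the page): callers treat the result as a
 * C string, so a missing terminator turns into an out-of-bounds read. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENC_OK        0
#define ENC_BUFOVER  -1   /* output buffer too small, mirrors SASL_BUFOVER */
#define ENC_BADPARAM -2

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes a caller must provide for inlen input bytes, terminator included. */
unsigned encode64_required_size(unsigned inlen)
{
    return (inlen + 2) / 3 * 4 + 1;
}

int safe_encode64(const unsigned char *in, unsigned inlen,
                  char *out, unsigned outmax, unsigned *outlen)
{
    unsigned olen = (inlen + 2) / 3 * 4;   /* digits only, no NUL */
    unsigned i, o = 0;

    if (inlen > 0 && in == NULL) return ENC_BADPARAM;
    if (out == NULL) return ENC_BADPARAM;
    if (outlen) *outlen = olen;
    /* A check of "outmax < olen" would accept an exactly-sized buffer and
     * then have nowhere to put the terminator; require olen + 1 instead. */
    if (outmax < olen + 1) return ENC_BUFOVER;

    for (i = 0; i + 2 < inlen; i += 3) {       /* full 3-byte groups */
        unsigned v = ((unsigned)in[i] << 16) | ((unsigned)in[i + 1] << 8) | in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];
        out[o++] = B64[v & 63];
    }
    if (i < inlen) {                           /* 1 or 2 trailing bytes */
        unsigned rem = inlen - i;
        unsigned v = (unsigned)in[i] << 16;
        if (rem == 2) v |= (unsigned)in[i + 1] << 8;
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (rem == 2) ? B64[(v >> 6) & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';                             /* always fits: outmax > olen */
    return ENC_OK;
}

/* Encode msg into a generously sized buffer and compare with expected. */
int encodes_to(const char *msg, const char *expected)
{
    char buf[64];
    unsigned inlen = (unsigned)strlen(msg);
    if (encode64_required_size(inlen) > sizeof buf) return 0;
    if (safe_encode64((const unsigned char *)msg, inlen, buf, sizeof buf, NULL) != ENC_OK)
        return 0;
    return strcmp(buf, expected) == 0;
}

/* Constructed sample: "Hello" encodes to 8 digits. A buffer of exactly 8
 * bytes is the classic mistake and must be rejected; 9 bytes succeeds. */
int demo_sizing(void)
{
    const char *msg = "Hello";
    unsigned inlen = (unsigned)strlen(msg);
    unsigned olen = 0;
    char small[8];    /* room for the digits, none for the NUL */
    char right[9];    /* encode64_required_size(5) */
    int rc_small = safe_encode64((const unsigned char *)msg, inlen, small, sizeof small, &olen);
    int rc_right = safe_encode64((const unsigned char *)msg, inlen, right, sizeof right, &olen);
    return rc_small == ENC_BUFOVER && rc_right == ENC_OK && olen == 8
        && strcmp(right, "SGVsbG8=") == 0;
}

int main(void)
{
    printf("required size for 5 bytes: %u\n", encode64_required_size(5));
    printf("exact-size buffer rejected, one-larger accepted: %s\n",
           demo_sizing() ? "yes" : "no");
    return 0;
}
```

When auditing a caller of sasl_encode64, the check is the same as the one this example performs internally: compare the buffer the caller passes as outmax with (inlen + 2) / 3 * 4 + 1, and treat any caller that sizes the buffer without the + 1 and then uses the output as a C string as suspect.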
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Carnegie Mellon University | Cyrus-Sasl | <= 2.1.22 |
Related Weaknesses (CWE)
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References
- ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz (Patch: fixed release)
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://osvdb.org/54514
- http://osvdb.org/54515
- http://secunia.com/advisories/35094
- http://secunia.com/advisories/35097
- http://secunia.com/advisories/35102
- http://secunia.com/advisories/35206
- http://secunia.com/advisories/35239
- http://secunia.com/advisories/35321
- http://secunia.com/advisories/35416
- http://secunia.com/advisories/35497
- http://secunia.com/advisories/35746
- http://secunia.com/advisories/39428
FAQ
What is CVE-2009-0688?
CVE-2009-0688 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
How severe is CVE-2009-0688?
CVE-2009-0688 has been rated HIGH with a CVSS base score of 7.5/10. The issue is reachable by remote attackers and its worst-case outcome is arbitrary code execution in the process that links the library.
Is there a patch for CVE-2009-0688?
Yes. The overflows are fixed in Cyrus SASL 2.1.23; the 2.1.23 source release is the first entry in the references section, and the Apple, openSUSE and Secunia entries there cover vendor-shipped builds. Affected products include: Carnegie Mellon University Cyrus-Sasl (versions 2.1.22 and earlier).