Vulnerability Description
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CMU | Cyrus IMAP Server | <= 2.4.10 |
References
- http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772
- http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463
- http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd526440 (Patch)
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:037
- http://www.redhat.com/support/errata/RHSA-2011-1508.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69842
FAQ
What is CVE-2011-3481?
CVE-2011-3481 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference...
How severe is CVE-2011-3481?
CVE-2011-3481 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-3481?
Check the references section above for vendor advisories and patch information. Affected products include: CMU Cyrus IMAP Server.