CVE-2009-2632
CVE-2009-2632 is a vulnerability of currently unknown severity. Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| CMU | Cyrus IMAP Server | 2.2.13 |
| CMU | Cyrus IMAP Server | 2.3.14 |
References
- http://secunia.com/advisories/36629 (Vendor Advisory)
- http://secunia.com/advisories/36632 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/2559 (Patch, Vendor Advisory)
Source: NVD / NIST
