Denial of Service Vulnerability in Cyrus IMAP Server

Denial of Service Vulnerability in Cyrus IMAP Server

CVE-2021-33582 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

Learn more about our Web Application Penetration Testing UK.