Skip to main content

Cyrus Imap CVE-2024-34055

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2024-06-05 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 05, 2024 - 05:15 nvd
MEDIUM 6.5

DescriptionNVD

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

AnalysisAI

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. Affected products include: Cyrusimap Cyrus Imap. Version information: before 3.8.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.

CVE-2017-12843 MEDIUM
6.5 Aug 22

Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) S

CVE-2026-47084 MEDIUM
6.5 Jul 16

Unauthorized mailbox deletion in Cyrus IMAP through 3.12.2 allows any authenticated non-admin user to invoke the admin-o

CVE-2026-47082 MEDIUM
5.4 Jul 16

Incorrect authorization in Cyrus IMAP through 3.12.2 allows authenticated users to bypass mailbox ACL enforcement via th

CVE-2026-47083 MEDIUM
4.3 Jul 16

Cross-user information disclosure in Cyrus IMAP through 3.12.2 allows any authenticated IMAP user to enumerate folder na

CVE-2026-47089 MEDIUM
4.3 Jul 16

Cyrus IMAP through 3.12.2 exposes mailbox ACL data to any authenticated user via the IMAP LISTRIGHTS command, which lack

CVE-2026-47085 MEDIUM
4.0 Jul 16

URLAUTH token forgery in Cyrus IMAP through 3.12.2 allows a network-based unauthenticated attacker to read the contents

CVE-2026-47086 LOW
3.5 Jul 16

Unauthorized mailbox access in Cyrus IMAP through 3.12.2 allows any authenticated user to read email from mailboxes they

CVE-2026-47087 LOW
3.5 Jul 16

Cyrus IMAP through version 3.12.2 fails to invalidate URLAUTH-minted URLs when the authorizer's access is subsequently r

CVE-2026-47081 LOW
3.1 Jul 16

Cyrus IMAP through version 3.12.2 contains an authorization flaw in its XAPPLEPUSHSERVICE (XAPS) command that lets authe

CVE-2026-47088 LOW
3.1 Jul 16

Heap over-read in Cyrus IMAP through version 3.12.2 enables authenticated IMAP users to leak server heap memory by submi

Share

CVE-2024-34055 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy