Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cmu Cyrus IMAP Server SIEVE脚本组件缓冲区溢出漏洞
Vulnerability Description
Cyrus IMAP Server是一款免费开放源代码IMAP协议实现,可使用在Unix和Linux操作系统下。 Cyrus IMAP Server 2.2.13和2.3.14版本,Dovecot 1.0.4之前的1.0版本,1.1.7之前的1.1版本的cyrus-imapd中使用的SIEVE组件在处理SIEVE脚本时没有正确地使用sizeof()运算符,导致存在缓冲区溢出漏洞。远程攻击者可以向snprintf()调用传送负数的长度,由于整数转换这会生成很大的正数值,触发栈溢出。成功利用这个漏洞的攻击者可
CVSS Information
N/A
Vulnerability Type
N/A