CVE-2009-2632

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2009-2632

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-2632.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2009-2632

Related

Published

2009-09-08T23:30:00Z

Modified

2024-06-30T12:01:22Z

Summary

[none]

Details

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

References

Affected packages

Debian:11 / dovecot

Package

Name: dovecot
Purl: pkg:deb/debian/dovecot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.2.1-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / dovecot

Package

Name: dovecot
Purl: pkg:deb/debian/dovecot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.2.1-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / dovecot

Package

Name: dovecot
Purl: pkg:deb/debian/dovecot?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.2.1-1

Ecosystem specific

{
    "urgency": "medium"
}