6.5
CVE-2024-34055
- EPSS 0.39%
- Published 05.06.2024 05:15:49
- Last modified 06.12.2024 15:15:08
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
Data is provided by the National Vulnerability Database (NVD)
Cyrusimap ≫ Cyrus Imap Version < 3.8.3
Cyrusimap ≫ Cyrus Imap Version3.10.0 Updatealpha0
Cyrusimap ≫ Cyrus Imap Version3.10.0 Updatebeta1
Cyrusimap ≫ Cyrus Imap Version3.10.0 Updatebeta2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.592 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.