{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "54515", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/54515"}, {"name": "35239", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35239"}, {"name": "TA10-103B", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"}, {"name": "35321", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35321"}, {"name": "VU#238019", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/238019"}, {"name": "35497", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35497"}, {"name": "35102", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35102"}, {"name": "SSA:2009-134-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"}, {"name": "35746", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35746"}, {"name": "39428", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39428"}, {"name": "1020755", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"}, {"name": "35094", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35094"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "DSA-1807", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1807"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"}, {"name": "oval:org.mitre.oval:def:6136", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"}, {"name": "35097", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35097"}, {"name": "ADV-2009-1313", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1313"}, {"name": "ADV-2009-2012", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2012"}, {"name": "oval:org.mitre.oval:def:10687", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"}, {"name": "SUSE-SR:2009:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"name": "1021699", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"}, {"name": "GLSA-200907-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"}, {"name": "264248", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"}, {"name": "35206", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35206"}, {"name": "259148", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"}, {"name": "MDVSA-2009:113", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"}, {"name": "RHSA-2009:1116", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"}, {"name": "34961", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34961"}, {"name": "35416", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35416"}, {"name": "273910", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"}, {"name": "54514", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/54514"}, {"name": "USN-790-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-790-1"}, {"name": "1022231", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022231"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"}, {"name": "solaris-sasl-saslencode64-bo(50554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2009-0688", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "54515", "refsource": "OSVDB", "url": "http://osvdb.org/54515"}, {"name": "35239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35239"}, {"name": "TA10-103B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"}, {"name": "35321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35321"}, {"name": "VU#238019", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/238019"}, {"name": "35497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35497"}, {"name": "35102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35102"}, {"name": "SSA:2009-134-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"}, {"name": "35746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35746"}, {"name": "39428", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39428"}, {"name": "1020755", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"}, {"name": "35094", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35094"}, {"name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "DSA-1807", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1807"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"}, {"name": "oval:org.mitre.oval:def:6136", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"}, {"name": "35097", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35097"}, {"name": "ADV-2009-1313", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1313"}, {"name": "ADV-2009-2012", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2012"}, {"name": "oval:org.mitre.oval:def:10687", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"}, {"name": "SUSE-SR:2009:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"name": "1021699", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"}, {"name": "GLSA-200907-09", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"}, {"name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"}, {"name": "264248", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"}, {"name": "35206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35206"}, {"name": "259148", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"}, {"name": "MDVSA-2009:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"}, {"name": "RHSA-2009:1116", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"}, {"name": "34961", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34961"}, {"name": "35416", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35416"}, {"name": "273910", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"}, {"name": "54514", "refsource": "OSVDB", "url": "http://osvdb.org/54514"}, {"name": "USN-790-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-790-1"}, {"name": "1022231", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022231"}, {"name": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz", "refsource": "CONFIRM", "url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"}, {"name": "solaris-sasl-saslencode64-bo(50554)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:05.371Z"}, "title": "CVE Program Container", "references": [{"name": "54515", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/54515"}, {"name": "35239", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35239"}, {"name": "TA10-103B", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"}, {"name": "35321", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35321"}, {"name": "VU#238019", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/238019"}, {"name": "35497", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35497"}, {"name": "35102", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35102"}, {"name": "SSA:2009-134-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"}, {"name": "35746", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35746"}, {"name": "39428", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39428"}, {"name": "1020755", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"}, {"name": "35094", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35094"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "DSA-1807", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1807"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"}, {"name": "oval:org.mitre.oval:def:6136", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"}, {"name": "35097", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35097"}, {"name": "ADV-2009-1313", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1313"}, {"name": "ADV-2009-2012", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2012"}, {"name": "oval:org.mitre.oval:def:10687", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"}, {"name": "SUSE-SR:2009:011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"name": "1021699", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"}, {"name": "GLSA-200907-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"}, {"name": "264248", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"}, {"name": "35206", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35206"}, {"name": "259148", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"}, {"name": "MDVSA-2009:113", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"}, {"name": "RHSA-2009:1116", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"}, {"name": "34961", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34961"}, {"name": "35416", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35416"}, {"name": "273910", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"}, {"name": "54514", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/54514"}, {"name": "USN-790-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-790-1"}, {"name": "1022231", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022231"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"}, {"name": "solaris-sasl-saslencode64-bo(50554)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-0688", "datePublished": "2009-05-15T15:00:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:40:05.371Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE960939-A4EB-48EF-AF34-55594AE7DC77", "versionEndIncluding": "2.1.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "89BEB28E-8CB4-40D1-8C1C-C9176FF85375", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC6C6AED-7F54-4833-AD7A-DBA943D556CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2480238-1543-41F8-8AE8-8B39C435909F", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA3AD0B1-CA87-4781-859D-817AC36C0E75", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "3420B0EC-C2B5-4391-994D-A379A84375D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "C792FC66-0903-4339-9594-286E22A332B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "CFFC1662-FC2F-4F0C-9F54-A593D2272728", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "9163D050-653D-4E19-8650-C63AAE756A14", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "D1355304-ECEB-465C-B4E4-61F280B93083", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "838325C9-9F9F-438C-A3A7-E88C29D0D508", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "B64D37E3-5068-4773-A0E4-DF48CB1B5988", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "46B91E81-E4DF-402D-AFC9-106F8E7BE280", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "86C8037E-E7C5-41F2-8200-6BCF1F4231AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "729258B3-E537-4B7D-8C4D-2257B86C746C", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "DD2651BC-04DB-4807-95FC-E4DD48A504F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.26:*:*:*:*:*:*:*", "matchCriteriaId": "BCE4D1B8-61E1-4862-B014-C3B4306643F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "340A8945-CDC4-4C27-829A-526E7ABE8AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.28:*:*:*:*:*:*:*", "matchCriteriaId": "A8322F46-565E-4FBE-B42B-A369DB971954", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE6F481C-5209-499F-94CC-D552961AC4F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2103985B-3283-4A60-B8E1-54E3243E0CCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "33BCA1DC-E392-4BAB-B988-D4EAC2D0762D", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11FCE614-FC84-4533-B40B-F71B4CA9259A", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E1FB96F-9A6E-4CAB-8D1D-3B980B1BE125", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "33A6FD48-AB9B-49E9-8987-7791E0CB8CDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "041EE0B5-4125-4A93-B91B-DD6A49C34FE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "747F34DD-5645-46D1-A256-CFBC5A399B76", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A81A7CD5-5E03-45BA-9F49-E2A6AEB7C353", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CB9648A-2393-41D8-8B2E-72A6E1B3FB68", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "220421BF-64E7-4014-9143-5699FDF41024", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5948936A-076E-48B7-ACE0-C53067780AF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "237344AF-AE16-40EF-AECE-F7659193B3E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "662552C9-0BE5-42DF-81BA-DE0DDF72F76D", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "B8E226EA-AD15-4DB9-9599-F7A91FDA879F", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "5A09BFB5-E2B0-43EE-AA80-EE2E58A188AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "E838CB52-C13A-45C6-9B21-87A3D8701F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "B99BDFC9-2002-4C2A-A3ED-C4FB49A77C79", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "6E18DC9D-A315-4A26-816D-86F90E198660", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "AF41DE28-AD62-4591-8541-0CA3D0397F3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "5F32C986-EAF2-45A1-8DCE-222F422FC3C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "22094743-3B1A-42CD-B30C-B4E986C0F511", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "2BF7D594-6111-435A-8689-F5B23CB0457B", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "413902AD-3EFE-480E-B8EC-C6F28AF84C9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "A181DAC2-112F-4C6A-8292-7526DD592A58", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "DF8F6313-9CC5-4685-8E26-BD7CF8CBFDE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "923C3D5B-A676-40C2-B8BC-C25A1B5FC1E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la librer\u00eda CMU Cyrus SASL versiones anteriores a v2.1.23 puede permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de cadenas que son utilizadas como entradas en la funci\u00f3n sasl_encode64 en lib/saslutil.c."}], "id": "CVE-2009-0688", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-15T15:30:00.187", "references": [{"source": "cret@cert.org", "tags": ["Patch"], "url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"}, {"source": "cret@cert.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"source": "cret@cert.org", "url": "http://osvdb.org/54514"}, {"source": "cret@cert.org", "url": "http://osvdb.org/54515"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35094"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35097"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35102"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35206"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35239"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35321"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35416"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35497"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/35746"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/39428"}, {"source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"}, {"source": "cret@cert.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"}, {"source": "cret@cert.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"}, {"source": "cret@cert.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"}, {"source": "cret@cert.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"}, {"source": "cret@cert.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"}, {"source": "cret@cert.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"}, {"source": "cret@cert.org", "url": "http://support.apple.com/kb/HT4077"}, {"source": "cret@cert.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"}, {"source": "cret@cert.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"}, {"source": "cret@cert.org", "url": "http://www.debian.org/security/2009/dsa-1807"}, {"source": "cret@cert.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/238019"}, {"source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"}, {"source": "cret@cert.org", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"}, {"source": "cret@cert.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/34961"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1022231"}, {"source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/usn-790-1"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2009/1313"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2009/2012"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}, {"source": "cret@cert.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"}, {"source": "cret@cert.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/54514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/54515"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35094"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35097"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35206"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35497"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35746"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/238019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/34961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022231"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-790-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/2012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"}], "sourceIdentifier": "cret@cert.org", "vendorComments": [{"comment": "The upstream fix for this issue is not backwards compatible and introduces an ABI change not allowed in Red Hat Enterprise Linux.  Therefore, there is no plan to address this problem directly in cyrus-sasl packages.\n\nAll applications shipped in Red Hat Enterprise Linux and using affected sasl_encode64() function were investigated and patched if their use of the function could have security consequences.  See following bug report for further details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0688#c20", "lastModified": "2009-06-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1116", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "cyrus-imapd-0:2.2.12-10.el4_8.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-06-18T00:00:00Z"}, {"advisory": "RHSA-2009:1116", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "cyrus-imapd-0:2.3.7-2.el5_3.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-06-18T00:00:00Z"}], "bugzilla": {"description": "cyrus-sasl: sasl_encode64() does not reliably null-terminate its output", "id": "487251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487251"}, "csaw": false, "cvss": {"cvss_base_score": "6.4", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "status": "verified"}, "details": ["Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."], "name": "CVE-2009-0688", "public_date": "2008-05-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0688\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0688"], "statement": "The upstream fix for this issue is not backwards compatible and introduces an ABI change not allowed in Red Hat Enterprise Linux. Therefore, there is no plan to address this problem directly in cyrus-sasl packages.\nAll applications shipped in Red Hat Enterprise Linux and using affected sasl_encode64() function were investigated and patched if their use of the function could have security consequences. See following bug report for further details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0688#c20", "threat_severity": "Important"}