CVE-2010-2813 - Vulnerability Details

CVE-2010-2813 - SquirrelMail: DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
Squirrelmail	Squirrelmail

Configuration 1 [-]

OR	cpe:2.3:a:squirrelmail:squirrelmail::::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1::::::
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.44:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
squirrelmail-0:1.4.8-18.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2012:0103	2012-02-08T00:00:00Z
Red Hat Enterprise Linux 5
squirrelmail-0:1.4.8-5.el5_7.13	cpe:/o:redhat:enterprise_linux:5	RHSA-2012:0103	2012-02-08T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html
http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://secunia.com/advisories/40964
http://secunia.com/advisories/40971
http://squirrelmail.org/security/issue/2010-07-23
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972
http://support.apple.com/kb/HT5130
http://www.debian.org/security/2010/dsa-2091
http://www.securityfocus.com/bid/42399
http://www.vupen.com/english/advisories/2010/2070
http://www.vupen.com/english/advisories/2010/2080
https://bugzilla.redhat.com/show_bug.cgi?id=618096
https://exchange.xforce.ibmcloud.com/vulnerabilities/61124
https://nvd.nist.gov/vuln/detail/CVE-2010-2813
https://www.cve.org/CVERecord?id=CVE-2010-2813

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-08-19T17:43:00

Updated: 2024-08-07T02:46:48.556Z

Reserved: 2010-07-22T00:00:00

Link: CVE-2010-2813

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-08-19T18:00:05.657

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-2813

Redhat

Severity : Low

Publid Date: 2010-07-23T00:00:00Z

Links: CVE-2010-2813 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2010-11422", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT5130"}, {"name": "squirrelmail-imap-dos(61124)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124"}, {"name": "FEDORA-2010-11410", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972"}, {"name": "DSA-2091", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2091"}, {"name": "APPLE-SA-2012-02-01-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"}, {"name": "40964", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40964"}, {"name": "ADV-2010-2080", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2080"}, {"name": "42399", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/42399"}, {"name": "RHSA-2012:0103", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html"}, {"name": "40971", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40971"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://squirrelmail.org/security/issue/2010-07-23"}, {"name": "ADV-2010-2070", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2070"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2813", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2010-11422", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html"}, {"name": "http://support.apple.com/kb/HT5130", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5130"}, {"name": "squirrelmail-imap-dos(61124)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124"}, {"name": "FEDORA-2010-11410", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html"}, {"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972", "refsource": "CONFIRM", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972"}, {"name": "DSA-2091", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2091"}, {"name": "APPLE-SA-2012-02-01-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"}, {"name": "40964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40964"}, {"name": "ADV-2010-2080", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2080"}, {"name": "42399", "refsource": "BID", "url": "http://www.securityfocus.com/bid/42399"}, {"name": "RHSA-2012:0103", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html"}, {"name": "40971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40971"}, {"name": "http://squirrelmail.org/security/issue/2010-07-23", "refsource": "CONFIRM", "url": "http://squirrelmail.org/security/issue/2010-07-23"}, {"name": "ADV-2010-2070", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2070"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=618096", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:46:48.556Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2010-11422", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT5130"}, {"name": "squirrelmail-imap-dos(61124)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124"}, {"name": "FEDORA-2010-11410", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972"}, {"name": "DSA-2091", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2091"}, {"name": "APPLE-SA-2012-02-01-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"}, {"name": "40964", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40964"}, {"name": "ADV-2010-2080", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2080"}, {"name": "42399", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/42399"}, {"name": "RHSA-2012:0103", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html"}, {"name": "40971", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40971"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://squirrelmail.org/security/issue/2010-07-23"}, {"name": "ADV-2010-2070", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2070"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2813", "datePublished": "2010-08-19T17:43:00", "dateReserved": "2010-07-22T00:00:00", "dateUpdated": "2024-08-07T02:46:48.556Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C85CDDA-ED8F-4878-807D-D725E83354F9", "versionEndIncluding": "1.4.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4D1297B-EE36-46E2-8722-34F385A54751", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C3A6CFE-CFA4-4B48-9738-063A2B1025FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "2664D22F-B0E6-48AB-BBBA-C653C1AF77A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B4BA8-1379-44CF-B87D-9DA66B5F2484", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*", "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:*:*:*:*:*:*:*", "matchCriteriaId": "AB0ABD26-2EA3-4884-BA0B-FFB88177CFDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:*:*:*:*:*:*:*", "matchCriteriaId": "CCC479F3-6F3B-46CB-9D28-2DB7D76FDAE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:*:*:*:*:*:*:*", "matchCriteriaId": "8EDC2C56-E977-452F-9263-541091356B67", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:*:*:*:*:*:*:*", "matchCriteriaId": "B743DEC2-1ED2-4CAC-87F4-4EFDF16159FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:*:*:*:*:*:*:*", "matchCriteriaId": "5CCE37B1-932D-4A4A-B4CA-056E26D78659", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3:*:*:*:*:*:*", "matchCriteriaId": "F66D66B1-992E-4EE0-A189-0974B96FE721", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "70484027-647C-47DF-85FD-3323F4685613", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*", "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1:*:*:*:*:*:*", "matchCriteriaId": "0F28456D-EA59-4900-AEAD-F8CB06F5129D", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*", "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "03D847B0-DE1D-49D7-9ED4-30C0A82209AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "A53D0058-6216-4136-8F0A-A6B4AD475DA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D58980B8-6D4B-4E90-8410-80FDD7CF15C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "4429B95B-273A-45F3-A066-9AF548AC3FC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:*:*:*:*:*:*:*", "matchCriteriaId": "2A901766-B49B-4983-98AB-880B333C284B", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*", "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*", "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "537E4C91-91F9-469B-BF7D-5B05624D637A", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "3893B3D9-BAA3-4FCD-BC58-C4B664E688B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5C975-D1EE-4248-9DA9-81C10E28B7F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "34EB1B08-4377-4496-A278-19616238900F", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "5BF9DF8F-368B-44A0-9258-49298E41E0E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "14735797-F6A9-42C8-9E05-9A427AD69EFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "A0C44025-C79D-4791-8EF6-3E26786E194E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files."}, {"lang": "es", "value": "functions/imap_general.php en SquirrelMail anterior a v1.4.21 no maneja adecuadamente los caracteres de 8-bits en contrase\u00f1as, lo cual permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de disco) realizando muchos intentos de inicio de sesi\u00f3n IMAP con diferentes nombres de usuario, llevando a la creaci\u00f3n de muchos ficheros de preferencias."}], "id": "CVE-2010-2813", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-08-19T18:00:05.657", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40964"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40971"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://squirrelmail.org/security/issue/2010-07-23"}, {"source": "cve@mitre.org", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT5130"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2091"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/42399"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2070"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2080"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40964"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://squirrelmail.org/security/issue/2010-07-23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5130"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/42399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61124"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0103", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "squirrelmail-0:1.4.8-18.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2012-02-08T00:00:00Z"}, {"advisory": "RHSA-2012:0103", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "squirrelmail-0:1.4.8-5.el5_7.13", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-02-08T00:00:00Z"}], "bugzilla": {"description": "SquirrelMail: DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password", "id": "618096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618096"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files."], "name": "CVE-2010-2813", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Will not fix", "package_name": "squirrelmail", "product_name": "Red Hat Enterprise Linux 3"}], "public_date": "2010-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2813\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2813"], "statement": "The Red Hat Security Response Team has rated this issue as having low security\nimpact, a future update may address this flaw.", "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object