In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-10T07:00:00Z

Updated: 2024-09-16T16:28:43.074Z

Reserved: 2017-09-10T00:00:00Z

Link: CVE-2017-14230

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-10T07:29:00.177

Modified: 2024-11-21T03:12:22.550

Link: CVE-2017-14230

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-08-31T00:00:00Z

Links: CVE-2017-14230 - Bugzilla