In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-10T07:00:00Z
Updated: 2024-09-16T16:28:43.074Z
Reserved: 2017-09-10T00:00:00Z
Link: CVE-2017-14230
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-10T07:29:00.177
Modified: 2024-11-21T03:12:22.550
Link: CVE-2017-14230
Redhat