Cyrus · Cyrus Imap · CVE-2017-14230
**Name of the Vulnerable Software and Affected Versions**
Cyrus IMAP versions prior to 3.0.4
**Description**
The issue is related to an off-by-one error in the `mboxlist do find` function, which can cause the use of uninitialized memory. This might allow remote attackers to obtain sensitive information or cause a denial of service, resulting in a daemon crash. The error is triggered by a specific command, 'LIST "" "Other Users"'.
**Recommendations**
For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue.