James Ralston

#35336 of 53,638
7.5 total CVSS
Vulnerabilities · 1
PT-2009-1022
7.5
2009-05-15
Cmu · Cyrus-Sasl · CVE-2009-0688
**Name of the Vulnerable Software and Affected Versions**

- cyrus-sasl versions prior to 2.1.23
- sasl2-bin (affected versions not specified)

**Description**

The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, potentially leading to the execution of arbitrary code or a denial of service. The vulnerability is related to multiple buffer overflows in the CMU Cyrus SASL library, specifically in the `sasl_encode64` function in `lib/saslutil.c`, which can be triggered by input strings.

**Recommendations**

For cyrus-sasl versions prior to 2.1.23, update to version 2.1.23 or later to resolve the issue. For sasl2-bin, at the moment, there is no information about a newer version that contains a fix for this vulnerability.