Noph0Bia

Name of the Vulnerable Software and Affected Versions: Mercury/32 version 4.01a Description: The issue is related to multiple buffer overflows in the IMAP service, which can be exploited by remote authenticated users. This can lead to a denial of service, causing the application to crash, and potentially allow the execution of arbitrary code. The buffer overflows can occur when sending long arguments to various IMAP commands, including `EXAMINE`, `SUBSCRIBE`, `STATUS`, `APPEND`, `CHECK`, `CLOSE`, `EXPUNGE`, `FETCH`, `RENAME`, `DELETE`, `LIST`, `SEARCH`, `CREATE`, and `UNSUBSCRIBE`. Recommendations: For Mercury/32 version 4.01a, consider updating to a newer version that addresses the buffer overflow issues in the IMAP service. As a temporary workaround, restrict access to the IMAP service or limit the length of arguments that can be passed to the affected commands.