CVE-2011-3481

Name of the Vulnerable Software and Affected Versions Cyrus IMAP Server versions prior to 2.4.11

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by exploiting the index get ids function in imapd when server-side threading is enabled. This can be achieved via a crafted References header in an e-mail message.

Recommendations For versions prior to 2.4.11, update to version 2.4.11 or later to resolve the issue. As a temporary workaround, consider disabling server-side threading until a patch is available.