PT-2024-4038 · Unknown+7 · Cyrus Imap+7
Damian Poddebniak
Published 2024-06-05 · Updated 2025-09-01
CVE-2024-34055
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cyrus IMAP versions prior to 3.8.3
Cyrus IMAP versions 3.10.x prior to 3.10.0-rc1
Description
The issue is related to a buffer overflow in memory, which can be exploited by sending several literals in a single command, potentially allowing a remote attacker to cause a denial of service. Authenticated attackers can cause unbounded memory allocation by sending many LITERALs in a single command.
Recommendations
For Cyrus IMAP versions prior to 3.8.3, update to version 3.8.3 or later.
For Cyrus IMAP versions 3.10.x prior to 3.10.0-rc1, update to version 3.10.0-rc1 or later.
As a temporary workaround, consider restricting the number of LITERALs that can be sent in a single command to prevent unbounded memory allocation.
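The workaround above, sketched as a per-command budget check that a command reader or filtering proxy could apply. This is an added example, not code from Cyrus IMAP or from the advisory; the limits, type names and function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Assumed policy values, not taken from the advisory or from Cyrus. */
#define MAX_LITERALS_PER_CMD 16u
#define MAX_LITERAL_BYTES_PER_CMD (1u << 20)

enum verdict { CMD_COMPLETE, EXPECT_LITERAL, REJECT };
struct cmd_budget { unsigned literals; uint64_t bytes; };

/* Find a trailing "{N}" or "{N+}" on a CRLF-stripped line.
 * Returns 1 and sets *n, 0 if the line announces no literal, -1 on overflow. */
static int trailing_literal(const char *s, size_t len, uint64_t *n)
{
    if (len < 3 || s[len - 1] != '}') return 0;
    size_t end = len - 1;
    if (s[end - 1] == '+') end--;              /* non-synchronizing form */
    size_t start = end;
    while (start > 0 && s[start - 1] >= '0' && s[start - 1] <= '9') start--;
    if (start == end || start == 0 || s[start - 1] != '{') return 0;
    uint64_t v = 0;
    for (size_t i = start; i < end; i++) {
        if (v > (UINT64_MAX - 9) / 10) return -1;
        v = v * 10 + (uint64_t)(s[i] - '0');
    }
    *n = v;
    return 1;
}

/* Charge one line of a command against the per-command budget. The caller
 * skips the announced literal bytes before passing the next line. */
enum verdict check_line(struct cmd_budget *b, const char *line)
{
    uint64_t n = 0;
    int r = trailing_literal(line, strlen(line), &n);
    if (r < 0) return REJECT;
    if (r == 0) { b->literals = 0; b->bytes = 0; return CMD_COMPLETE; }
    if (++b->literals > MAX_LITERALS_PER_CMD) return REJECT;
    if (n > MAX_LITERAL_BYTES_PER_CMD - b->bytes) return REJECT;
    b->bytes += n;
    return EXPECT_LITERAL;
}

/* Constructed input: one command announcing `count` 4-byte literals. */
enum verdict feed_repeated(unsigned count)
{
    struct cmd_budget b = {0, 0};
    for (unsigned i = 0; i < count; i++)
        if (check_line(&b, "x {4}") == REJECT) return REJECT;
    return check_line(&b, "x");
}
```

The check rejects before any literal buffer is allocated, so the memory a single command can claim is bounded by both the literal count and the cumulative announced size.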
Fix
DoS
Buffer Overflow
Allocation of Resources Without Limits
Resource Exhaustion
Related Identifiers
Affected Products
Almalinux
Cyrus Imap
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu