Remote Code Execution Vulnerability in Cyrus IMAP Server 2.2.x through 2.2.8

Remote Code Execution Vulnerability in Cyrus IMAP Server 2.2.x through 2.2.8

CVE-2004-1013 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

Learn more about our Cis Benchmark Audit For Server Software.