Out-of-bounds Write in cyrus-sasl

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Remediation

Upgrade cyrus-sasl to version or higher.

References

ADVISORY
Bugtraq Mailing List
CONFIRM
CONFIRM
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
FEDORA
FEDORA
FULLDISC
FULLDISC
GitHub Issue
MISC
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-19906
CWE: CWE-787
Snyk ID: SNYK-ALPINE39-CYRUSSASL-589390
Disclosed: 19 Dec, 2019
Published: 19 Dec, 2019

Out-of-bounds Write
Affecting cyrus-sasl package, versions <2.1.27-r2

Overview

Remediation

References

CVSS Score

Out-of-bounds Write Affecting cyrus-sasl package, versions <2.1.27-r2

Overview

Remediation

References

Out-of-bounds Write
Affecting cyrus-sasl package, versions <2.1.27-r2