Out-of-bounds Write in cyrus-sasl2

Do your applications use this vulnerable package? Test your applications

Overview

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

References

ADVISORY
Bugtraq Mailing List
CONFIRM
CONFIRM
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
FEDORA
FEDORA
FULLDISC
FULLDISC
GitHub Issue
MISC
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-19906
CWE: CWE-787
Snyk ID: SNYK-DEBIAN9-CYRUSSASL2-538413
Disclosed: 19 Dec, 2019
Published: 19 Dec, 2019

Out-of-bounds Write
Affecting cyrus-sasl2 package, versions <2.1.27~101-g0780600+dfsg-3+deb9u1

Overview

References

CVSS Score

Out-of-bounds Write Affecting cyrus-sasl2 package, versions <2.1.27~101-g0780600+dfsg-3+deb9u1

Overview

References

Out-of-bounds Write
Affecting cyrus-sasl2 package, versions <2.1.27~101-g0780600+dfsg-3+deb9u1