Vulnerability Report

CVE-2011-3208

Title: Cmu Cyrus Imap Server RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2011-3208.

CWE Category CWE-119

Published Date Sep 14, 2011

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 7.5 CVSS v2.0

Exploit Probability (EPSS)

9.85%

Vulnerability Summary

CVE-2011-3208: Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.

Impacted Vendors

carnegie_mellon_university 1

cmu 1

Reference Links

http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html http://secunia.com/advisories/45938 http://secunia.com/advisories/45975 http://secunia.com/advisories/46064 http://securitytracker.com/id?1026031 http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://www.osvdb.org/75307 http://www.redhat.com/support/errata/RHSA-2011-1317.html http://www.securityfocus.com/bid/49534 https://bugzilla.redhat.com/show_bug.cgi?id=734926 https://exchange.xforce.ibmcloud.com/vulnerabilities/69679 https://hermes.opensuse.org/messages/11723935 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 http://git.cyrusimap.org/cyrus-imapd/commit/?id=0f8f026699829b65733c3081657b24e2174f4f4d http://git.cyrusimap.org/cyrus-imapd/commit/?id=3244c18c928fa331f6927e2b8146abe90feafddd http://lists.opensuse.org/opensuse-updates/2011-09/msg00019.html http://secunia.com/advisories/45938 http://secunia.com/advisories/45975 http://secunia.com/advisories/46064 http://securitytracker.com/id?1026031 http://www.debian.org/security/2011/dsa-2318 http://www.mandriva.com/security/advisories?name=MDVSA-2011:149 http://www.osvdb.org/75307 http://www.redhat.com/support/errata/RHSA-2011-1317.html http://www.securityfocus.com/bid/49534 https://bugzilla.redhat.com/show_bug.cgi?id=734926 https://exchange.xforce.ibmcloud.com/vulnerabilities/69679 https://hermes.opensuse.org/messages/11723935

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.5

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-3208 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

September 14, 2011 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.