📦

cyrus-sasl

Vendor: cyrusimap

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.46% Exploit Prob.

Latest CVE CVE-2022-24407 Feb 24

Security Vulnerability Index

Page 1 / 1

8.8 CVSS

CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

EPSS: 0.43%

Severity: HIGH

Feb 24, 2022

7.5 CVSS

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

EPSS: 0.48%

Severity: HIGH

Dec 19, 2019

Displaying 2 of 2 Total Entries

Total 1 Sections