CVE-2004-1012
cyrus-imapd - buffer overflow
EPSS 10.2%
Description
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
How to fix CVE-2004-1012
To remediate CVE-2004-1012, upgrade the affected package to a fixed version below.
- Debian/cyrus21-imapd—upgrade to 1.5.19-9.2 or later
- Debian/cyrus-imapd—upgrade to 1.5.19-20 or later
Is CVE-2004-1012 being exploited?
Moderate — EPSS is 10.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.5.19-9.2
- from 0, < 1.5.19-20