{"id":"CVE-2021-33582","details":"Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.","modified":"2026-04-16T04:38:37.595175717Z","published":"2021-09-01T06:15:06.387Z","related":["openSUSE-SU-2024:11901-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/"},{"type":"ADVISORY","url":"https://github.com/cyrusimap/cyrus-imapd/security/advisories"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html"},{"type":"FIX","url":"https://www.cyrusimap.org/imap/download/release-notes/index.html"},{"type":"FIX","url":"https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released"},{"type":"FIX","url":"https://github.com/cyrusimap/cyrus-imapd/commits/master"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cyrusimap/cyrus-imapd","events":[{"introduced":"0"},{"fixed":"12613ed72ab13e0b74ad59fe25bbbbe87bd08c68"},{"introduced":"8d68baad0cb14f102cce2137f9d06f04adc5c424"},{"fixed":"3262e71e98af21bd0d6f5553cb8c26cb09e79ded"},{"introduced":"73199a602f8ab51cc8cb06e921c5810b87df4725"},{"fixed":"4e1859e928d72b6dd746eb2a27f6643883b4b02c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.0.16"},{"introduced":"3.2.0"},{"fixed":"3.2.8"},{"introduced":"3.4.0"},{"fixed":"3.4.2"}]}}],"versions":["cyrus-imapd-2.4.0","cyrus-imapd-2.4.1","cyrus-imapd-2.4.2","cyrus-imapd-2.5-snapshot-autoconf-and-automake","cyrus-imapd-3.0.0","cyrus-imapd-3.0.0-beta1","cyrus-imapd-3.0.0-beta2","cyrus-imapd-3.0.0-beta3","cyrus-imapd-3.0.0-beta4","cyrus-imapd-3.0.0-beta5","cyrus-imapd-3.0.0-beta6","cyrus-imapd-3.0.0-rc1","cyrus-imapd-3.0.0-rc2","cyrus-imapd-3.0.0-rc3","cyrus-imapd-3.0.0-rc4","cyrus-imapd-3.0.1","cyrus-imapd-3.0.10","cyrus-imapd-3.0.11","cyrus-imapd-3.0.12","cyrus-imapd-3.0.13","cyrus-imapd-3.0.14","cyrus-imapd-3.0.15","cyrus-imapd-3.0.2","cyrus-imapd-3.0.3","cyrus-imapd-3.0.4","cyrus-imapd-3.0.5","cyrus-imapd-3.0.6","cyrus-imapd-3.0.7","cyrus-imapd-3.0.8","cyrus-imapd-3.0.9","cyrus-imapd-3.2.0","cyrus-imapd-3.2.1","cyrus-imapd-3.2.2","cyrus-imapd-3.2.3","cyrus-imapd-3.2.4","cyrus-imapd-3.2.5","cyrus-imapd-3.2.6","cyrus-imapd-3.2.7","cyrus-imapd-3.4.0","cyrus-imapd-3.4.1","posttab","pretab"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33582.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}