{"id":"CVE-2024-34055","details":"Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.","modified":"2026-03-14T15:03:15.371958Z","published":"2024-06-05T05:15:49.950Z","related":["ALSA-2024:9195","openSUSE-SU-2025:14968-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJZQAE3XC2GBCE5KSTWJ5A6QYANFWGFB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVZHUZDU4MGTTZJRNACTMSKXLNMMRLJ6/"},{"type":"ADVISORY","url":"https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html"},{"type":"ADVISORY","url":"https://www.cyrusimap.org/imap/download/release-notes/3.8/x/3.8.3.html"},{"type":"FIX","url":"https://github.com/cyrusimap/cyrus-imapd/commit/ef9e4e8314d6a06f2269af0ccf606894cc3fe489"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cyrusimap/cyrus-imapd","events":[{"introduced":"0"},{"fixed":"7b1a4ed258e0d6955b16540eb6e9540803d034be"},{"introduced":"0"},{"last_affected":"2a43510e2929d96590ed04906092d76759a31a92"},{"introduced":"0"},{"last_affected":"81e82b76f33965e1d6219d30d34a2b62b8d74e3f"},{"introduced":"0"},{"last_affected":"1a9fd348b7589328dce029aa7f81ce3d1436a6f8"},{"fixed":"ef9e4e8314d6a06f2269af0ccf606894cc3fe489"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.8.3"},{"introduced":"0"},{"last_affected":"3.10.0-alpha0"},{"introduced":"0"},{"last_affected":"3.10.0-beta1"},{"introduced":"0"},{"last_affected":"3.10.0-beta2"}]}}],"versions":["cass-posttab","cass-pretab","cyrus-imapd-2.4.0","cyrus-imapd-2.4.1","cyrus-imapd-2.4.2","cyrus-imapd-2.5-snapshot-autoconf-and-automake","cyrus-imapd-3.0.0-beta1","cyrus-imapd-3.0.0-beta2","cyrus-imapd-3.0.0-beta3","cyrus-imapd-3.0.0-beta4","cyrus-imapd-3.0.0-beta5","cyrus-imapd-3.0.0-beta6","cyrus-imapd-3.0.0-rc1","cyrus-imapd-3.0.0-rc2","cyrus-imapd-3.0.0-rc3","cyrus-imapd-3.0.0-rc4","cyrus-imapd-3.1.0-dev","cyrus-imapd-3.1.1","cyrus-imapd-3.1.2","cyrus-imapd-3.1.3","cyrus-imapd-3.1.4","cyrus-imapd-3.1.5","cyrus-imapd-3.1.6","cyrus-imapd-3.1.7","cyrus-imapd-3.1.8","cyrus-imapd-3.1.9","cyrus-imapd-3.10.0-alpha0","cyrus-imapd-3.3.0","cyrus-imapd-3.3.0-dev0","cyrus-imapd-3.3.1","cyrus-imapd-3.5.0-alpha0","cyrus-imapd-3.7.0-alpha0","cyrus-imapd-3.9.0-alpha0","posttab","pretab"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34055.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}