{"id":"USN-7224-1","summary":"cyrus-imapd vulnerabilities","details":"It was discovered that non-authentication-related HTTP requests could be\ninterpreted in an authentication context by a Cyrus IMAP Server when\nmultiple requests arrived over the same connection. An unauthenticated\nattacker could possibly use this issue to perform a privilege escalation\nattack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-18928)\n\nMatthew Horsfall discovered that Cyrus IMAP Server utilized a poor string\nhashing algorithm that could be abused to control where data was being\nstored. An attacker could possibly use this issue to perform a denial of\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2021-33582)\n\nDamian Poddebniak discovered that Cyrus IMAP Server could interpret\nspecially crafted commands to exploit a memory issue. An authenticated\nattacker could possibly use this issue to perform a denial of service.\nThis issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.\n(CVE-2024-34055)\n","modified":"2026-02-10T04:46:29Z","published":"2025-01-22T20:39:43Z","related":["UBUNTU-CVE-2019-18928","UBUNTU-CVE-2021-33582","UBUNTU-CVE-2024-34055"],"upstream":["CVE-2019-18928","CVE-2021-33582","CVE-2024-34055","UBUNTU-CVE-2019-18928","UBUNTU-CVE-2021-33582","UBUNTU-CVE-2024-34055"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7224-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-18928"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-33582"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-34055"}],"affected":[{"package":{"name":"cyrus-imapd","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/cyrus-imapd@2.5.10-3ubuntu1.1+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.10-3ubuntu1.1+esm1"}]}],"versions":["2.5.10-3build1","2.5.10-3build2","2.5.10-3ubuntu1","2.5.10-3ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-admin"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-caldav"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-clients"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-common"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-dev"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-imapd"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-murder"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-nntpd"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-pop3d"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"cyrus-replication"},{"binary_version":"2.5.10-3ubuntu1.1+esm1","binary_name":"libcyrus-imap-perl"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7224-1.json","cves_map":{"cves":[{"id":"CVE-2019-18928","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-33582","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"cyrus-imapd","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/cyrus-imapd@3.0.13-5ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.13-5ubuntu0.1~esm1"}]}],"versions":["3.0.11-1","3.0.11-1build1","3.0.12-1","3.0.12-2","3.0.12-2ubuntu2","3.0.12-2ubuntu3","3.0.13-2ubuntu1","3.0.13-3ubuntu1","3.0.13-4ubuntu1","3.0.13-5"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-admin"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-caldav"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-clients"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-common"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-dev"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-imapd"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-murder"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-nntpd"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-pop3d"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"cyrus-replication"},{"binary_version":"3.0.13-5ubuntu0.1~esm1","binary_name":"libcyrus-imap-perl"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7224-1.json","cves_map":{"cves":[{"id":"CVE-2021-33582","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"cyrus-imapd","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/cyrus-imapd@3.4.3-3ubuntu0.1+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-3ubuntu0.1+esm1"}]}],"versions":["3.2.6-2build1","3.4.2-2","3.4.2-2build1","3.4.3-2","3.4.3-3","3.4.3-3build2","3.4.3-3ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-admin"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-caldav"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-clients"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-common"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-dev"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-imapd"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-murder"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-nntpd"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-pop3d"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"cyrus-replication"},{"binary_version":"3.4.3-3ubuntu0.1+esm1","binary_name":"libcyrus-imap-perl"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7224-1.json","cves_map":{"cves":[{"id":"CVE-2024-34055","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}},{"package":{"name":"cyrus-imapd","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/cyrus-imapd@3.8.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.2-1ubuntu0.1~esm1"}]}],"versions":["3.8.0-5","3.8.1-1","3.8.1-1build1","3.8.1-1build2","3.8.1-3","3.8.1-3build3","3.8.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-admin"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-caldav"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-clients"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-common"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-dev"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-imapd"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-murder"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-nntpd"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-pop3d"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"cyrus-replication"},{"binary_version":"3.8.2-1ubuntu0.1~esm1","binary_name":"libcyrus-imap-perl"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7224-1.json","cves_map":{"cves":[{"id":"CVE-2024-34055","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:24.04:LTS"}}}],"schema_version":"1.7.3"}