#VU23796 Out-of-bounds write


Published: 2019-12-23 | Updated: 2022-02-08

Vulnerability identifier: #VU23796

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-19906

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cyrus SASL
Server applications / Mail servers

Vendor: Carnegie Mellon University

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds write error when processing LDAP queries within the _sasl_add_string() function in common.c file in cyrus-sasl. A remote non-authenticated attacker can create a specially LDAP request to the affected server, trigger off-by-one error in OpenLDAP implementation and crash the service.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cyrus SASL: 2.1.23 - 2.1.27


CPE

External links
http://github.com/cyrusimap/cyrus-sasl/issues/587
http://lists.debian.org/debian-lts-announce/2019/12/msg00027.html
http://www.debian.org/security/2019/dsa-4591
http://www.openldap.org/its/index.cgi/Incoming?id=9123


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability