CVE-2009-2632

N/A Unknown

Published: September 08, 2009 Modified: April 23, 2026

Description

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://dovecot.org/list/dovecot-news/2009-September/000135.html

Source: cret@cert.org

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

Source: cret@cert.org

http://secunia.com/advisories/36629

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/36632

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/36698

Source: cret@cert.org

http://secunia.com/advisories/36713

Source: cret@cert.org

http://secunia.com/advisories/36904

Source: cret@cert.org

http://support.apple.com/kb/HT4077

Source: cret@cert.org

http://www.debian.org/security/2009/dsa-1881

Source: cret@cert.org

Patch

http://www.openwall.com/lists/oss-security/2009/09/14/3

Source: cret@cert.org

http://www.osvdb.org/58103

Source: cret@cert.org

http://www.securityfocus.com/bid/36296

Source: cret@cert.org

Patch

http://www.securityfocus.com/bid/36377

Source: cret@cert.org

http://www.ubuntu.com/usn/USN-838-1

Source: cret@cert.org

http://www.vupen.com/english/advisories/2009/2559

Source: cret@cert.org

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2009/2641

Source: cret@cert.org

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail

Source: cret@cert.org

https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html

Source: cret@cert.org

https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html

Source: cret@cert.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082

Source: cret@cert.org

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html

Source: cret@cert.org

http://dovecot.org/list/dovecot-news/2009-September/000135.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36629

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/36632

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/36698

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36713

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36904

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4077

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1881

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2009/09/14/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/58103

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/36296

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/36377

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-838-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/2559

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2009/2641

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html

Source: af854a3a-2127-422b-91ae-364da2661108

44 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.5%

38th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

cmu

Related CVEs

CVE-2026-48777 N/A

CVE-2026-47750 7.8

CVE-2026-47747 7.8

CVE-2026-46448 5.4

CVE-2026-22313 9.1