CVE-2011-3481

N/A Unknown

Published: September 14, 2011 Modified: April 29, 2026

Description

The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772

Source: cve@mitre.org

http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463

Source: cve@mitre.org

http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5

Source: cve@mitre.org

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2012:037

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2011-1508.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/69842

Source: cve@mitre.org

http://bugzilla.cyrusimap.org/show_bug.cgi?id=2772

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugzilla.cyrusimap.org/show_bug.cgi?id=3463

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.cyrusimap.org/cyrus-imapd/commit/?id=6e776956a1a9dfa58eacdd0ddd52644009eac9e5

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2012:037

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-1508.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/69842

Source: af854a3a-2127-422b-91ae-364da2661108

12 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

1.1%

79th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

cmu