CVE-2009-0688 (retired)

Priority
Description
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might
allow remote attackers to execute arbitrary code or cause a denial of
service (application crash) via strings that are used as input to the
sasl_encode64 function in lib/saslutil.c.
Notes
 jdstrand> applying upstream patch could break existing applications
 mdeslaur> since the change breaks ABI, Red Hat updated applications that
 mdeslaur> used cyrus-sasl2 improperly instead. They have released
 mdeslaur> a cyrus-imapd update. See Red Hat bug for more info.
 mdeslaur> sendmail: https://bugzilla.redhat.com/show_bug.cgi?id=504186
 kees> cyrus-imapd-2.2: https://bugzilla.redhat.com/show_bug.cgi?id=504207
Assigned-to
kees
Updated: 2019-03-26 11:47:15 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)