CVE-2004-1012

EPSS 10.2%

cyrus-imapd - buffer overflow

Published: 1/10/2005Modified: 4/28/2026

Description

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

Affected packages (2)

Debian/cyrus21-imapdfrom 0, < 1.5.19-9.2
Debian/cyrus-imapdfrom 0, < 1.5.19-20

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-1012