CVE-2009-0688

EPSS 39.5%

cyrus-sasl2 - buffer overflow

Published: 5/15/2009Modified: 4/28/2026

Description

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

Affected packages (5)

Debian/cyrus-sasl2from 0, < 2.1.23.dfsg1-1
Debian/cyrus-sasl2from 0, < 2.1.22.dfsg1-23+lenny1
Debian/cyrus-sasl2from 0, < 2.1.22.dfsg1-23+squeeze1
Debian/cyrus-sasl2-heimdalfrom 0, < 2.1.22.dfsg1-23+lenny1
Debian/cyrus-sasl2-heimdalfrom 0, < 2.1.22.dfsg1-23+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0688