CVE-2009-0688

EPSS 39.5%

cyrus-sasl2 cyrus-sasl2-heimdal - arbitrary code execution

發布日:2009/5/15修改日:2026/3/9

也稱為:DSA-1807-1DEBIAN-CVE-2009-0688

描述

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

受影響套件(5)

Debian/cyrus-sasl2from 0, < 2.1.23.dfsg1-1
Debian/cyrus-sasl2from 0, < 2.1.22.dfsg1-23+lenny1
Debian/cyrus-sasl2from 0, < 2.1.22.dfsg1-23+squeeze1
Debian/cyrus-sasl2-heimdalfrom 0, < 2.1.22.dfsg1-23+lenny1
Debian/cyrus-sasl2-heimdalfrom 0, < 2.1.22.dfsg1-23+squeeze1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0688