CVE-2009-0688

CVE information

Published: 13 years ago

Last Modified: 4 years ago

CVSSv2.0 Severity: High

Impact Analysis

Description

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.

CVSSv2.0 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.21:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.3:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.23:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.5:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.0:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.3:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.17:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.19:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.10:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.2:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:*:*:*:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.24:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.15:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.27:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.3:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.0:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.16:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.20:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.26:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.4:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.14:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.6:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.21:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.1:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.13:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.5:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.8:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.20:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.0:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.10:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.16:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.5:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.1:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.11:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.13:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.15:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.7:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.22:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.2:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.12:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.9:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.28:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.4.1:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.2:*:*:*:  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.11:*:*:*  Yes  -  -
cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.18:*:*:*  Yes  -  -

References
