Home

CVE-2019-19906

Description

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.481

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.6Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.6 Combo UpdateMac
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.27+dfsg-1ubuntu0.1_i386.debLinux
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.27+dfsg-1ubuntu0.1_amd64.debLinux
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.26.dfsg1-14ubuntu0.2_i386.debLinux
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.26.dfsg1-14ubuntu0.2_amd64.debLinux
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.27~101-g0780600+dfsg-3ubuntu2.1_i386.debLinux
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.27~101-g0780600+dfsg-3ubuntu2.1_amd64.debLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-crammd5-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-crammd5-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-crammd5-debuginfo-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-crammd5-debuginfo-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-debuginfo-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-debuginfo-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-debugsource-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-digestmd5-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-digestmd5-debuginfo-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-gssapi-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-gssapi-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-gssapi-debuginfo-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-gssapi-debuginfo-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-otp-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-otp-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-otp-debuginfo-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-otp-debuginfo-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-plain-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-plain-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-plain-debuginfo-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) cyrus-sasl-plain-debuginfo-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) libsasl2-3-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) libsasl2-3-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) libsasl2-3-debuginfo-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2020:3939-1(SUSE Linux Enterprise Server 12-SP5 ) libsasl2-3-debuginfo-32bit-2.1.26-8.13.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.27~101-g0780600+dfsg-3ubuntu2.1_i386.debLinux
Cyrus Simple Authentication and Security Layer (USN-4256-1) libsasl2-2_2.1.27~101-g0780600+dfsg-3ubuntu2.1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-602673MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674macOS Catalina 10.15.7 Combo Update - Auto Reboot

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234