VDB
CVE-2021-32056
CVE-2021-32056
REJECTED
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
EPSS 0.20% · 42.3th percentile
Risk Scores
EPSS Score
0.20%
42.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | cyrus-imapd | 0, 3.2.6-2build1 |
| Ubuntu:24.04:LTS | cyrus-imapd | 0, 3.8.0-5, 3.8.1-1 |
Exploit Intelligence
- https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released (circl)
- https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released (circl)
- https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html (circl)
- https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html (circl)
- FEDORA-2022-c30b1a8aa3 (circl)
- FEDORA-2022-d45bcc5447 (circl)
Timeline
- May 10, 2021 CVE Published
- May 11, 2021 EPSS Score
- Jul 14, 2021 EPSS Score
- Sep 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 15, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 20, 2022 EPSS Score
- Mar 18, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 21, 2022 EPSS Score
- Sep 20, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32056 third-party-advisory
- https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995 third-party-advisory
- https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released third-party-advisory
- https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html third-party-advisory
- https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html third-party-advisory
- https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32056 third-party-advisory