|
|
|
![]() |
Vulnerability Note VU#238019Cyrus SASL library buffer overflow vulnerabilityOverviewThe Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash.I. DescriptionSASL (Simple Authentication and Security Layer) is a method for adding authentication support to various protocols. SASL is commonly used by mail servers to request authentication from clients and by clients to authenticate to servers.The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.
Cyrus SASL 2.1.23 has been released to address this issue. Before releasing fixed binaries, maintainers are encouraged to review the Cyrus vendor statement associated with this note.
References
Thanks to James Ralston for reporting this issue and providing technical information. This document was written by Ryan Giobbi.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||