FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3d915d96-0b1f-11ec-8d9f-080027415d17cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction

Cyrus IMAP 3.4.2 Release Notes states:

Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a single bucket. Each subsequent insertion to the same bucket requires a strcmp of every other entry in it. At tens of thousands of entries, each new insertion could keep the CPU busy in a strcmp loop for minutes. The string hashing algorithm has been replaced with a better one, and now also uses a random seed per hash table, so malicious inputs cannot be precomputed.


Discovery 2021-05-26
Entry 2021-09-01
cyrus-imapd34
lt 3.4.2

cyrus-imapd32
lt 3.2.8

cyrus-imapd30
lt 3.0.16

cyrus-imapd25
cyrus-imapd24
cyrus-imapd23
gt 0

CVE-2021-33582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582
10fd731c-8088-11e9-b6ae-001871ec5271cyrus-imapd -- buffer overrun in httpd

Cyrus IMAP 3.0.10 Release Notes states:

Fixed CVE-2019-11356: buffer overrun in httpd


Discovery 2019-04-19
Entry 2019-05-27
cyrus-imapd30
ge 3.0.0 lt 3.0.10

cyrus-imapd25
ge 2.5.0 lt 2.5.13

CVE-2019-11356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11356
f9f76a50-9642-11e7-ab09-080027b00c2ecyrus-imapd -- broken "other users" behaviour

Cyrus IMAP 3.0.4 Release Notes states:

Fixed Issue #2132: Broken "Other Users" behaviour


Discovery 2017-09-07
Entry 2017-09-10
cyrus-imapd30
ge 3.0.0 lt 3.0.4

CVE-2017-14230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14230