Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the cyrus- imapd-3.4.1-6.el9 build changelog.

  - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang)     via input that is mishandled during hash-table interaction. Because there are many insertions into a     single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3052 advisory.

  - Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request     may be interpreted in the authentication context of an unrelated previous request that arrived over the     same connection. (CVE-2019-18928)

  - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang)     via input that is mishandled during hash-table interaction. Because there are many insertions into a     single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. (CVE-2021-33582)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3492 advisory.

  - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang)     via input that is mishandled during hash-table interaction. Because there are many insertions into a     single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of cyrus-imapd installed on the remote host is prior to 2.4.22-1.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1559 advisory.

  - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang)     via input that is mishandled during hash-table interaction. Because there are many insertions into a     single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of cyrus-imapd installed on the remote host is prior to 2.4.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1725 advisory.

  - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang)     via input that is mishandled during hash-table interaction. Because there are many insertions into a     single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:3492 advisory.

  - cyrus-imapd: Denial of service via string hashing algorithm collisions (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3546 advisory.

  - cyrus-imapd: Denial of service via string hashing algorithm collisions (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3492 advisory.

  - Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang)     via input that is mishandled during hash-table interaction. Because there are many insertions into a     single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3492 advisory.

  - cyrus-imapd: Denial of service via string hashing algorithm collisions (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3493 advisory.

  - cyrus-imapd: Denial of service via string hashing algorithm collisions (CVE-2021-33582)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Cyrus IMAP 3.4.2 Release Notes states :

Fixed CVE-2021-33582: Certain user inputs are used as hash table keys during processing. A poorly chosen string hashing algorithm meant that the user could control which bucket their data was stored in, allowing a malicious user to direct many inputs to a single bucket. Each subsequent insertion to the same bucket requires a strcmp of every other entry in it. At tens of thousands of entries, each new insertion could keep the CPU busy in a strcmp loop for minutes. The string hashing algorithm has been replaced with a better one, and now also uses a random seed per hash table, so malicious inputs cannot be precomputed.

ID	Name	Product	Family	Severity
191315	CentOS 9 : cyrus-imapd-3.4.1-6.el9	Nessus	CentOS Local Security Checks	high
162402	Debian DLA-3052-1 : cyrus-imapd - LTS security update	Nessus	Debian Local Security Checks	critical
157812	Rocky Linux 8 : cyrus-imapd (RLSA-2021:3492)	Nessus	Rocky Linux Local Security Checks	high
156870	Amazon Linux AMI : cyrus-imapd (ALAS-2022-1559)	Nessus	Amazon Linux Local Security Checks	high
155994	Amazon Linux 2 : cyrus-imapd (ALAS-2021-1725)	Nessus	Amazon Linux Local Security Checks	high
153411	CentOS 8 : cyrus-imapd (CESA-2021:3492)	Nessus	CentOS Local Security Checks	high
153404	RHEL 8 : cyrus-imapd (RHSA-2021:3546)	Nessus	Red Hat Local Security Checks	high
153240	Oracle Linux 8 : cyrus-imapd (ELSA-2021-3492)	Nessus	Oracle Linux Local Security Checks	high
153233	RHEL 8 : cyrus-imapd (RHSA-2021:3492)	Nessus	Red Hat Local Security Checks	high
153231	RHEL 8 : cyrus-imapd (RHSA-2021:3493)	Nessus	Red Hat Local Security Checks	high
153073	FreeBSD : cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction (3d915d96-0b1f-11ec-8d9f-080027415d17)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2021-33582

high

Tenable Plugins

high

critical

high

high

high

high

high

high

high

high

high