CVE-2019-19906
Summary
| CVE | CVE-2019-19906 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-12-19 18:15:00 UTC |
| Updated | 2023-11-07 03:07:00 UTC |
| Description | cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. |
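The description names the defect class (CWE-193, an off-by-one) but not its shape. The C program below is an added, constructed illustration, not cyrus-sasl's code and not a reproduction of the OpenLDAP trigger: it models a growable string buffer whose append helper reserves `outlen + addlen` bytes while the caller still NUL-terminates at `data[outlen]`, so the terminator lands one byte past the heap allocation exactly when the payload fills it. The fixed variant reserves the extra byte, the same idea as the one-byte allocation correction tracked in the cyrus-sasl issue #587 linked below. The `strbuf` type, `INITIAL_CAP`, the helper names and the mechanism-list-looking sample strings are assumptions made for the demo.

```c
/*
 * Constructed illustration (not cyrus-sasl code) of the CWE-193 pattern
 * named in the CVE-2019-19906 description: an append helper that sizes a
 * heap buffer for the payload but not for the NUL terminator.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_CAP 16   /* assumed first allocation size for the demo */

typedef struct {
    char  *data;
    size_t alloclen;     /* bytes currently allocated */
    size_t outlen;       /* payload bytes written, excluding terminator */
} strbuf;

/* Ensure at least `need` bytes are allocated, growing by doubling. */
static int buf_alloc(strbuf *b, size_t need)
{
    if (b->data != NULL && b->alloclen >= need)
        return 0;
    size_t newlen = b->alloclen ? b->alloclen : INITIAL_CAP;
    while (newlen < need)
        newlen *= 2;
    char *p = realloc(b->data, newlen);
    if (p == NULL)
        return -1;
    b->data = p;
    b->alloclen = newlen;
    return 0;
}

/* Vulnerable append: reserves outlen + addlen only and leaves termination
 * to the caller, who will write data[outlen]. */
static int add_string_vuln(strbuf *b, const char *add)
{
    if (add == NULL)
        add = "(null)";
    size_t addlen = strlen(add);
    if (buf_alloc(b, b->outlen + addlen) != 0)
        return -1;
    memcpy(b->data + b->outlen, add, addlen);
    b->outlen += addlen;
    return 0;
}

/* Fixed append: the +1 reserves the terminator's byte, and the helper
 * writes the terminator itself so no caller has to remember to. */
static int add_string_fixed(strbuf *b, const char *add)
{
    if (add == NULL)
        add = "(null)";
    size_t addlen = strlen(add);
    if (buf_alloc(b, b->outlen + addlen + 1) != 0)
        return -1;
    memcpy(b->data + b->outlen, add, addlen);
    b->outlen += addlen;
    b->data[b->outlen] = '\0';
    return 0;
}

/*
 * Append each part, then check whether the caller's terminating write at
 * data[outlen] stays inside the allocation. Returns 1 if it fits, 0 if it
 * would be an off-by-one heap write, -1 on allocation failure. The
 * out-of-bounds write is reported, never performed.
 */
static int terminator_fits(int (*append)(strbuf *, const char *),
                           const char *const *parts, size_t nparts)
{
    strbuf b = { NULL, 0, 0 };
    int rc = 1;
    for (size_t i = 0; i < nparts; i++) {
        if (append(&b, parts[i]) != 0) { rc = -1; goto out; }
    }
    if (b.outlen >= b.alloclen)
        rc = 0;                   /* data[outlen] is past the end */
    else
        b.data[b.outlen] = '\0';  /* terminator fits */
out:
    free(b.data);
    return rc;
}

/*
 * Demo cases built from constructed mechanism-list-looking strings.
 * on_boundary == 0: 11 + 4 = 15 bytes, one byte of slack in 16.
 * on_boundary == 1: 11 + 5 = 16 bytes, exactly filling the allocation.
 * `fixed` selects the append variant; returns terminator_fits() result.
 */
int demo_case(int fixed, int on_boundary)
{
    static const char *const slack[]    = { "PLAIN LOGIN", " CRA" };
    static const char *const boundary[] = { "PLAIN LOGIN", " CRAM" };
    return terminator_fits(fixed ? add_string_fixed : add_string_vuln,
                           on_boundary ? boundary : slack, 2);
}

int main(void)
{
    printf("vulnerable, slack:    %d\n", demo_case(0, 0));
    printf("vulnerable, boundary: %d\n", demo_case(0, 1));
    printf("fixed, slack:         %d\n", demo_case(1, 0));
    printf("fixed, boundary:      %d\n", demo_case(1, 1));
    return 0;
}
```

`demo_case(0, 1)` returns 0 (the vulnerable append with a payload that exactly fills the allocation) while the other three cases return 1: the write is only out of bounds when the accumulated length lands on the allocation size, which is why ordinary traffic can exercise such code indefinitely while one specifically shaped input crashes the process. When triaging, note from the references below that the upstream fix shipped in Cyrus SASL 2.1.28 and that distributions backported it into 2.1.27 builds (for example Fedora's cyrus-sasl-2.1.27-3.fc31 and -4.fc32), so a bare version string of 2.1.27 does not by itself establish exposure; check the package release and the distribution advisory.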
Risk And Classification
Problem Types: CWE-787 | CWE-193
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Bookkeeper | 4.12.1 | All | All | All |
| Operating System | Apple | Ipados | 13.6 | All | All | All |
| Operating System | Apple | Iphone Os | 13.6 | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | - | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2018-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2018-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-001 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-004 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-005 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-006 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-007 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-003 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | - | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-001 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-002 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-004 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-005 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-006 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-007 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-002 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-003 | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All |
| Operating System | Centos | Centos | 7.0 | All | All | All |
| Application | Cyrusimap | Cyrus-sasl | All | All | All | All |
| Application | Cyrusimap | Cyrus-sasl | 2.1.27 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.4 | All | All | All |
| Application | Redhat | Jboss Enterprise Web Server | 2.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | | lists.apache.org | |
| Off by one in _sasl_add_string function · Issue #587 · cyrusimap/cyrus-sasl · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Full Disclosure: APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 | FULLDISC | seclists.org | |
| [SECURITY] Fedora 32 Update: cyrus-sasl-2.1.27-4.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 31 Update: cyrus-sasl-2.1.27-3.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| oss-security - Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906] | MLIST | www.openwall.com | |
| About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support | CONFIRM | support.apple.com | |
| Full Disclosure: APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra | FULLDISC | seclists.org | |
| About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple Support | CONFIRM | support.apple.com | |
| USN-4256-1: Cyrus SASL vulnerability (Ubuntu security notices) | UBUNTU | usn.ubuntu.com | |
| Bugtraq: [SECURITY] [DSA 4591-1] cyrus-sasl2 security update | BUGTRAQ | seclists.org | Mailing List, Third Party Advisory |
| [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | | lists.apache.org | |
| Debian -- Security Information -- DSA-4591-1 cyrus-sasl2 | DEBIAN | www.debian.org | Third Party Advisory |
| OpenLDAP ITS - Incoming/9123 | MISC | www.openldap.org | Exploit, Third Party Advisory |
| [SECURITY] [DLA 2044-1] cyrus-sasl2 security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296057 Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)
- 377136 Alibaba Cloud Linux Security Update for cyrus-sasl (ALINUX3-SA-2022:0013)
- 500141 Alpine Linux Security Update for cyrus-sasl
- 503791 Alpine Linux Security Update for cyrus-sasl
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 691007 Free Berkeley Software Distribution (FreeBSD) Security Update for cyrus (a80c6273-988c-11ec-83ac-080027415d17)
- 752666 SUSE Enterprise Linux Security Update for cyrus-sasl (SUSE-SU-2022:3549-1)
- 770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
- 900126 CBL-Mariner Linux Security Update for cyrus-sasl 2.1.27
- 900891 Common Base Linux Mariner (CBL-Mariner) Security Update for cyrus-sasl (6369-1)
- 903048 Common Base Linux Mariner (CBL-Mariner) Security Update for cyrus-sasl (1803)
- 940316 AlmaLinux Security Update for cyrus-sasl (ALSA-2020:4497)
- 960728 Rocky Linux Security Update for cyrus-sasl (RLSA-2020:4497)