CVE-2022-24407

Summary

CVE: CVE-2022-24407
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-02-24 15:15:00 UTC
Updated: 2023-11-07 03:44:00 UTC
Description: In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Risk And Classification

Problem Types: CWE-89

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Cyrusimap | Cyrus-sasl | All | All | All | All
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Debian | Debian Linux | 11.0 | All | All | All
Operating System | Debian | Debian Linux | 9.0 | All | All | All
Operating System | Fedoraproject | Fedora | 34 | All | All | All
Operating System | Fedoraproject | Fedora | 35 | All | All | All
Operating System | Fedoraproject | Fedora | 36 | All | All | All
Application | Netapp | Active Iq Unified Manager | - | All | All | All
Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All
Application | Oracle | Communications Cloud Native Core Console | 22.2.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 22.2.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 22.1.1 | All | All | All

References

Reference | Source | Link | Tags
Cyrus SASL 2.1.x Release Notes — Cyrus SASL 2.1.28 documentation | MISC | www.cyrusimap.org |
[SECURITY] Fedora 36 Update: cyrus-sasl-2.1.27-18.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
cyrus-sasl/index.rst at fdcd13ceaef8de684dc69008011fa865c5b4a3ac · cyrusimap/cyrus-sasl · GitHub | CONFIRM | github.com |
[SECURITY] [DLA 2931-1] cyrus-sasl2 security update | MLIST | lists.debian.org |
oss-security - Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906] | MLIST | www.openwall.com |
[SECURITY] Fedora 34 Update: cyrus-sasl-2.1.27-9.fc34 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
[SECURITY] Fedora 36 Update: cyrus-sasl-2.1.27-18.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
CVE-2022-24407 Cyrus SASL Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com |
[SECURITY] Fedora 35 Update: cyrus-sasl-2.1.27-14.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
[SECURITY] Fedora 34 Update: cyrus-sasl-2.1.27-9.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
Debian -- Security Information -- DSA-5087-1 cyrus-sasl2 | DEBIAN | www.debian.org |
Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com |
[SECURITY] Fedora 35 Update: cyrus-sasl-2.1.27-14.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 159673 Oracle Enterprise Linux Security Update for cyrus-sasl (ELSA-2022-0658)
  • 159677 Oracle Enterprise Linux Security Update for cyrus-sasl (ELSA-2022-0666)
  • 159725 Oracle Enterprise Linux Security Update for cyrus-sasl (ELSA-2022-9239)
  • 179093 Debian Security Update for cyrus-sasl2 (DSA 5087-1)
  • 179102 Debian Security Update for cyrus-sasl2 (DLA 2931-1)
  • 184602 Debian Security Update for cyrus-sasl2 (CVE-2022-24407)
  • 198675 Ubuntu Security Notification for Cyrus SASL Vulnerability (USN-5301-1)
  • 240107 Red Hat Update for cyrus-sasl (RHSA-2022:0658)
  • 240111 Red Hat Update for cyrus-sasl (RHSA-2022:0668)
  • 240113 Red Hat Update for cyrus-sasl (RHSA-2022:0666)
  • 240118 Red Hat Update for cyrus-sasl (RHSA-2022:0731)
  • 240439 Red Hat Update for cyrus-sasl (RHSA-2022:0730)
  • 257159 CentOS Security Update for cyrus-sasl (CESA-2022:0666)
  • 282461 Fedora Security Update for cyrus (FEDORA-2022-f9642fab70)
  • 282466 Fedora Security Update for cyrus (FEDORA-2022-8cc64f73d0)
  • 296057 Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)
  • 353197 Amazon Linux Security Advisory for cyrus-sasl : ALAS2-2022-1758
  • 353199 Amazon Linux Security Advisory for cyrus-sasl : ALAS-2022-1574
  • 354287 Amazon Linux Security Advisory for cyrus-sasl : ALAS2022-2022-234
  • 354448 Amazon Linux Security Advisory for cyrus-sasl : ALAS2022-2022-035
  • 354563 Amazon Linux Security Advisory for cyrus-sasl : ALAS-2022-234
  • 355262 Amazon Linux Security Advisory for cyrus-sasl : ALAS2023-2023-063
  • 377044 Alibaba Cloud Linux Security Update for cyrus-sasl (ALINUX2-SA-2022:0015)
  • 377136 Alibaba Cloud Linux Security Update for cyrus-sasl (ALINUX3-SA-2022:0013)
  • 377910 Oracle MySQL Connectors 8.0.x Denial of Service (DoS) Vulnerability (CPUJAN2023)
  • 390259 Oracle VM Server for x86 Security Update for cyrus-sasl (OVMSA-2022-0010)
  • 500142 Alpine Linux Security Update for cyrus-sasl
  • 503792 Alpine Linux Security Update for cyrus-sasl
  • 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
  • 671556 EulerOS Security Update for cyrus-sasl (EulerOS-SA-2022-1560)
  • 671596 EulerOS Security Update for cyrus-sasl (EulerOS-SA-2022-1527)
  • 671681 EulerOS Security Update for cyrus-sasl (EulerOS-SA-2022-1712)
  • 671729 EulerOS Security Update for cyrus-sasl (EulerOS-SA-2022-1802)
  • 671731 EulerOS Security Update for cyrus-sasl (EulerOS-SA-2022-1785)
  • 671801 EulerOS Security Update for cyrus-sasl (EulerOS-SA-2022-1835)
  • 671818 EulerOS Security Update for cyrus-sasl (EulerOS-SA-2022-1859)
  • 690800 Free Berkeley Software Distribution (FreeBSD) Security Update for cyrus-sasl (022dde12-8f4a-11ec-83ac-080027415d17)
  • 691034 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (dc49f6dc-99d2-11ed-86e9-d4c9ef517024)
  • 751768 SUSE Enterprise Linux Security Update for cyrus-sasl (SUSE-SU-2022:0653-1)
  • 751785 SUSE Enterprise Linux Security Update for cyrus-sasl (SUSE-SU-2022:0693-1)
  • 751787 SUSE Enterprise Linux Security Update for cyrus-sasl (SUSE-SU-2022:0702-1)
  • 751830 OpenSUSE Security Update for cyrus-sasl (openSUSE-SU-2022:0743-1)
  • 751986 SUSE Enterprise Linux Security Update for cyrus-sasl (SUSE-SU-2022:0743-1)
  • 753239 SUSE Enterprise Linux Security Update for cyrus-sasl (SUSE-SU-2022:14894-1)
  • 900671 Common Base Linux Mariner (CBL-Mariner) Security Update for cyrus-sasl (8795)
  • 901418 Common Base Linux Mariner (CBL-Mariner) Security Update for cyrus-sasl (8794-1)
  • 940458 AlmaLinux Security Update for cyrus-sasl (ALSA-2022:0658)
  • 960752 Rocky Linux Security Update for cyrus-sasl (RLSA-2022:0658)