{"api_version":"1","generated_at":"2026-04-23T09:52:10+00:00","cve":"CVE-2009-0688","urls":{"html":"https://cve.report/CVE-2009-0688","api":"https://cve.report/api/cve/CVE-2009-0688.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0688","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0688"},"summary":{"title":"CVE-2009-0688","description":"Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.","state":"PUBLISHED","assigner":"certcc","published_at":"2009-05-15 15:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2009/2012","name":"http://www.vupen.com/english/advisories/2009/2012","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35094","name":"http://secunia.com/advisories/35094","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cyrus SASL \"sasl_encode64()\" Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/238019","name":"http://www.kb.cert.org/vuls/id/238019","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","US Government Resource"],"title":"US-CERT Vulnerability Note VU#238019","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz","name":"ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"application/x-tar","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/35497","name":"http://secunia.com/advisories/35497","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for cyrus-imapd - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2009/dsa-1807","name":"http://www.debian.org/security/2009/dsa-1807","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1807-1 cyrus-sasl2, cyrus-sasl2-heimdal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#259148: Security Vulnerability in the Solaris Simple Authentication and Security Layer (SASL) Library (see libsasl(3LIB)) Routine sasl_encode64(3SASL) may Allow Unprivileged Users to Crash Applications Using this Function","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35321","name":"http://secunia.com/advisories/35321","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for cyrus-sasl2 and cyrus-sasl2-heimdal - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#273910: This Alert covers CVE-2009-2404 and CVE-2009-0688 for the Directory Server component of the Sun ONE Directory Server and Sun Java System Directory Server products.","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html","name":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2009:011","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/1313","name":"http://www.vupen.com/english/advisories/2009/1313","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35097","name":"http://secunia.com/advisories/35097","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Slackware update for cyrus-sasl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:113","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:113","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support / Security / Advisories /  / MDVSA-2009:113 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1022231","name":"http://www.securitytracker.com/id?1022231","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cyrus SASL Buffer Overflow in sasl_encode64 Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://secunia.com/advisories/35746","name":"http://secunia.com/advisories/35746","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo update for cyrus-sasl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-790-1","name":"http://www.ubuntu.com/usn/usn-790-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-790-1: Cyrus SASL vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35239","name":"http://secunia.com/advisories/35239","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rPath update for cyrus-sasl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/54514","name":"http://osvdb.org/54514","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://osvdb.org/54515","name":"http://osvdb.org/54515","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35206","name":"http://secunia.com/advisories/35206","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Avaya CMS Solaris SASL Library Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-103B.html","name":"http://www.us-cert.gov/cas/techalerts/TA10-103B.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA10-103B -- Oracle Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","name":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ASA-2009-184 (SUN 259148)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091","name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories:rPSA-2009-0091 - rPath Wiki","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT4077","name":"http://support.apple.com/kb/HT4077","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Security Update 2010-002 / Mac OS X v10.6.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50554","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50554","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/39428","name":"http://secunia.com/advisories/39428","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Directory Server Two Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/34961","name":"http://www.securityfocus.com/bid/34961","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/35416","name":"http://secunia.com/advisories/35416","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SUSE Update for Multiple Packages - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html","name":"http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2010","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35102","name":"http://secunia.com/advisories/35102","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Solaris SASL Library Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200907-09.xml","name":"http://security.gentoo.org/glsa/glsa-200907-09.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Cyrus-SASL: Execution of arbitrary code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-1116.html","name":"http://www.redhat.com/support/errata/RHSA-2009-1116.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0688","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0688","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.26","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.27","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.28","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"1.5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"2.1.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"688","vulnerable":"1","versionEndIncluding":"2.1.22","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"carnegie_mellon_university","cpe5":"cyrus-sasl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2009-0688","organization":"Red Hat","lastmodified":"2009-06-19","contributor":"Tomas Hoger","statementText":"The upstream fix for this issue is not backwards compatible and introduces an ABI change not allowed in Red Hat Enterprise Linux. Therefore, there is no plan to address this problem directly in cyrus-sasl packages. All applications shipped in Red Hat Enterprise Linux and using affected sasl_encode64() function were investigated and patched if their use of the function could have security consequences. See following bug report for further details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0688#c20","cve_year":"2009","cve_id":"688","crc32":"927d68f2"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:40:05.371Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"54515","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/54515"},{"name":"35239","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35239"},{"name":"TA10-103B","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA10-103B.html"},{"name":"35321","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35321"},{"name":"VU#238019","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/238019"},{"name":"35497","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35497"},{"name":"35102","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35102"},{"name":"SSA:2009-134-01","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"},{"name":"35746","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35746"},{"name":"39428","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/39428"},{"name":"1020755","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"},{"name":"35094","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35094"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"DSA-1807","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2009/dsa-1807"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"},{"name":"oval:org.mitre.oval:def:6136","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"},{"name":"35097","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35097"},{"name":"ADV-2009-1313","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1313"},{"name":"ADV-2009-2012","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/2012"},{"name":"oval:org.mitre.oval:def:10687","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"},{"name":"SUSE-SR:2009:011","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"},{"name":"1021699","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"},{"name":"GLSA-200907-09","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200907-09.xml"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT4077"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"},{"name":"264248","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"},{"name":"35206","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35206"},{"name":"259148","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"},{"name":"MDVSA-2009:113","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"},{"name":"RHSA-2009:1116","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2009-1116.html"},{"name":"34961","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34961"},{"name":"35416","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35416"},{"name":"273910","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"},{"name":"54514","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/54514"},{"name":"USN-790-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/usn-790-1"},{"name":"1022231","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022231"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"},{"name":"solaris-sasl-saslencode64-bo(50554)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-04-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-28T12:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"54515","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/54515"},{"name":"35239","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35239"},{"name":"TA10-103B","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA10-103B.html"},{"name":"35321","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35321"},{"name":"VU#238019","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/238019"},{"name":"35497","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35497"},{"name":"35102","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35102"},{"name":"SSA:2009-134-01","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"},{"name":"35746","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35746"},{"name":"39428","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/39428"},{"name":"1020755","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"},{"name":"35094","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35094"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"DSA-1807","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2009/dsa-1807"},{"tags":["x_refsource_CONFIRM"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"},{"name":"oval:org.mitre.oval:def:6136","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"},{"name":"35097","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35097"},{"name":"ADV-2009-1313","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1313"},{"name":"ADV-2009-2012","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/2012"},{"name":"oval:org.mitre.oval:def:10687","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"},{"name":"SUSE-SR:2009:011","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"},{"name":"1021699","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"},{"name":"GLSA-200907-09","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200907-09.xml"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT4077"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"},{"name":"264248","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"},{"name":"35206","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35206"},{"name":"259148","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"},{"name":"MDVSA-2009:113","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"},{"name":"RHSA-2009:1116","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2009-1116.html"},{"name":"34961","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34961"},{"name":"35416","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35416"},{"name":"273910","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"},{"name":"54514","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/54514"},{"name":"USN-790-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/usn-790-1"},{"name":"1022231","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022231"},{"tags":["x_refsource_CONFIRM"],"url":"ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"},{"name":"solaris-sasl-saslencode64-bo(50554)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2009-0688","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"54515","refsource":"OSVDB","url":"http://osvdb.org/54515"},{"name":"35239","refsource":"SECUNIA","url":"http://secunia.com/advisories/35239"},{"name":"TA10-103B","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA10-103B.html"},{"name":"35321","refsource":"SECUNIA","url":"http://secunia.com/advisories/35321"},{"name":"VU#238019","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/238019"},{"name":"35497","refsource":"SECUNIA","url":"http://secunia.com/advisories/35497"},{"name":"35102","refsource":"SECUNIA","url":"http://secunia.com/advisories/35102"},{"name":"SSA:2009-134-01","refsource":"SLACKWARE","url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"},{"name":"35746","refsource":"SECUNIA","url":"http://secunia.com/advisories/35746"},{"name":"39428","refsource":"SECUNIA","url":"http://secunia.com/advisories/39428"},{"name":"1020755","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"},{"name":"35094","refsource":"SECUNIA","url":"http://secunia.com/advisories/35094"},{"name":"APPLE-SA-2010-03-29-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"DSA-1807","refsource":"DEBIAN","url":"http://www.debian.org/security/2009/dsa-1807"},{"name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091","refsource":"CONFIRM","url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"},{"name":"oval:org.mitre.oval:def:6136","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"},{"name":"35097","refsource":"SECUNIA","url":"http://secunia.com/advisories/35097"},{"name":"ADV-2009-1313","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/1313"},{"name":"ADV-2009-2012","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/2012"},{"name":"oval:org.mitre.oval:def:10687","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"},{"name":"SUSE-SR:2009:011","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"},{"name":"1021699","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"},{"name":"GLSA-200907-09","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200907-09.xml"},{"name":"http://support.apple.com/kb/HT4077","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT4077"},{"name":"http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"},{"name":"http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm","refsource":"CONFIRM","url":"http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"},{"name":"264248","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"},{"name":"35206","refsource":"SECUNIA","url":"http://secunia.com/advisories/35206"},{"name":"259148","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"},{"name":"MDVSA-2009:113","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"},{"name":"RHSA-2009:1116","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2009-1116.html"},{"name":"34961","refsource":"BID","url":"http://www.securityfocus.com/bid/34961"},{"name":"35416","refsource":"SECUNIA","url":"http://secunia.com/advisories/35416"},{"name":"273910","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"},{"name":"54514","refsource":"OSVDB","url":"http://osvdb.org/54514"},{"name":"USN-790-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-790-1"},{"name":"1022231","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022231"},{"name":"ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz","refsource":"CONFIRM","url":"ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"},{"name":"solaris-sasl-saslencode64-bo(50554)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2009-0688","datePublished":"2009-05-15T15:00:00.000Z","dateReserved":"2009-02-22T00:00:00.000Z","dateUpdated":"2024-08-07T04:40:05.371Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-05-15 15:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.22","matchCriteriaId":"BE960939-A4EB-48EF-AF34-55594AE7DC77"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"89BEB28E-8CB4-40D1-8C1C-C9176FF85375"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"FC6C6AED-7F54-4833-AD7A-DBA943D556CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.2:*:*:*:*:*:*:*","matchCriteriaId":"A2480238-1543-41F8-8AE8-8B39C435909F"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.3:*:*:*:*:*:*:*","matchCriteriaId":"EA3AD0B1-CA87-4781-859D-817AC36C0E75"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.5:*:*:*:*:*:*:*","matchCriteriaId":"3420B0EC-C2B5-4391-994D-A379A84375D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.10:*:*:*:*:*:*:*","matchCriteriaId":"C792FC66-0903-4339-9594-286E22A332B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.11:*:*:*:*:*:*:*","matchCriteriaId":"CFFC1662-FC2F-4F0C-9F54-A593D2272728"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.13:*:*:*:*:*:*:*","matchCriteriaId":"9163D050-653D-4E19-8650-C63AAE756A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.15:*:*:*:*:*:*:*","matchCriteriaId":"D1355304-ECEB-465C-B4E4-61F280B93083"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.16:*:*:*:*:*:*:*","matchCriteriaId":"838325C9-9F9F-438C-A3A7-E88C29D0D508"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.20:*:*:*:*:*:*:*","matchCriteriaId":"B64D37E3-5068-4773-A0E4-DF48CB1B5988"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.21:*:*:*:*:*:*:*","matchCriteriaId":"46B91E81-E4DF-402D-AFC9-106F8E7BE280"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.22:*:*:*:*:*:*:*","matchCriteriaId":"86C8037E-E7C5-41F2-8200-6BCF1F4231AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.23:*:*:*:*:*:*:*","matchCriteriaId":"729258B3-E537-4B7D-8C4D-2257B86C746C"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.24:*:*:*:*:*:*:*","matchCriteriaId":"DD2651BC-04DB-4807-95FC-E4DD48A504F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.26:*:*:*:*:*:*:*","matchCriteriaId":"BCE4D1B8-61E1-4862-B014-C3B4306643F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.27:*:*:*:*:*:*:*","matchCriteriaId":"340A8945-CDC4-4C27-829A-526E7ABE8AD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:1.5.28:*:*:*:*:*:*:*","matchCriteriaId":"A8322F46-565E-4FBE-B42B-A369DB971954"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"FE6F481C-5209-499F-94CC-D552961AC4F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"2103985B-3283-4A60-B8E1-54E3243E0CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"33BCA1DC-E392-4BAB-B988-D4EAC2D0762D"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"11FCE614-FC84-4533-B40B-F71B4CA9259A"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"0E1FB96F-9A6E-4CAB-8D1D-3B980B1BE125"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"33A6FD48-AB9B-49E9-8987-7791E0CB8CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"041EE0B5-4125-4A93-B91B-DD6A49C34FE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"747F34DD-5645-46D1-A256-CFBC5A399B76"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"A81A7CD5-5E03-45BA-9F49-E2A6AEB7C353"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"6CB9648A-2393-41D8-8B2E-72A6E1B3FB68"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.5:*:*:*:*:*:*:*","matchCriteriaId":"220421BF-64E7-4014-9143-5699FDF41024"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5948936A-076E-48B7-ACE0-C53067780AF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.7:*:*:*:*:*:*:*","matchCriteriaId":"237344AF-AE16-40EF-AECE-F7659193B3E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.8:*:*:*:*:*:*:*","matchCriteriaId":"662552C9-0BE5-42DF-81BA-DE0DDF72F76D"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.9:*:*:*:*:*:*:*","matchCriteriaId":"B8E226EA-AD15-4DB9-9599-F7A91FDA879F"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.10:*:*:*:*:*:*:*","matchCriteriaId":"5A09BFB5-E2B0-43EE-AA80-EE2E58A188AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.11:*:*:*:*:*:*:*","matchCriteriaId":"E838CB52-C13A-45C6-9B21-87A3D8701F15"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.12:*:*:*:*:*:*:*","matchCriteriaId":"B99BDFC9-2002-4C2A-A3ED-C4FB49A77C79"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.13:*:*:*:*:*:*:*","matchCriteriaId":"6E18DC9D-A315-4A26-816D-86F90E198660"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.14:*:*:*:*:*:*:*","matchCriteriaId":"AF41DE28-AD62-4591-8541-0CA3D0397F3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.15:*:*:*:*:*:*:*","matchCriteriaId":"5F32C986-EAF2-45A1-8DCE-222F422FC3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.16:*:*:*:*:*:*:*","matchCriteriaId":"22094743-3B1A-42CD-B30C-B4E986C0F511"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.17:*:*:*:*:*:*:*","matchCriteriaId":"2BF7D594-6111-435A-8689-F5B23CB0457B"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.18:*:*:*:*:*:*:*","matchCriteriaId":"413902AD-3EFE-480E-B8EC-C6F28AF84C9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.19:*:*:*:*:*:*:*","matchCriteriaId":"A181DAC2-112F-4C6A-8292-7526DD592A58"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.20:*:*:*:*:*:*:*","matchCriteriaId":"DF8F6313-9CC5-4685-8E26-BD7CF8CBFDE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:carnegie_mellon_university:cyrus-sasl:2.1.21:*:*:*:*:*:*:*","matchCriteriaId":"923C3D5B-A676-40C2-B8BC-C25A1B5FC1E1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"688","Ordinal":"1","Title":"CVE-2009-0688","CVE":"CVE-2009-0688","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"688","Ordinal":"1","NoteData":"Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.","Type":"Description","Title":"CVE-2009-0688"},{"CveYear":"2009","CveId":"688","Ordinal":"2","NoteData":"2009-05-15","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"688","Ordinal":"3","NoteData":"2017-09-28","Type":"Other","Title":"Modified"}]}}}