{"api_version":"1","generated_at":"2026-06-03T09:52:28+00:00","cve":"CVE-2009-2632","urls":{"html":"https://cve.report/CVE-2009-2632","api":"https://cve.report/api/cve/CVE-2009-2632.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-2632","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-2632"},"summary":{"title":"CVE-2009-2632","description":"Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.","state":"PUBLISHED","assigner":"certcc","published_at":"2009-09-08 23:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.4","severity":"","vector":"AV:L/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/bid/36377","name":"http://www.securityfocus.com/bid/36377","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/36904","name":"http://secunia.com/advisories/36904","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ubuntu update for dovecot  - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://dovecot.org/list/dovecot-news/2009-September/000135.html","name":"http://dovecot.org/list/dovecot-news/2009-September/000135.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Dovecot-news] Security holes in CMU Sieve plugin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail","name":"https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/x-diff","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/2641","name":"http://www.vupen.com/english/advisories/2009/2641","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/58103","name":"http://www.osvdb.org/58103","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html","name":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Cyrus-CVS] src/sieve by brong","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html","name":"https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 10 Update: dovecot-1.1.18-2.fc10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36629","name":"http://secunia.com/advisories/36629","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cyrus IMAP Server Sieve Buffer Overflow Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/2559","name":"http://www.vupen.com/english/advisories/2009/2559","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2009/09/14/3","name":"http://www.openwall.com/lists/oss-security/2009/09/14/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE for recent cyrus-imap issue","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36698","name":"http://secunia.com/advisories/36698","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Dovecot CMU Sieve Plugin Buffer Overflow Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/36296","name":"http://www.securityfocus.com/bid/36296","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Cyrus IMAP Server SIEVE Script Local Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/36632","name":"http://secunia.com/advisories/36632","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Security Advisory SA36632 - Debian update for cyrus-imapd-2.2 - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","name":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36713","name":"http://secunia.com/advisories/36713","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisory SA36713 - Fedora update for dovecot - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2009/dsa-1881","name":"http://www.debian.org/security/2009/dsa-1881","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Debian -- Security Information -- DSA-1881-1 cyrus-imapd-2.2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html","name":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2009:016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT4077","name":"http://support.apple.com/kb/HT4077","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Security Update 2010-002 / Mac OS X v10.6.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html","name":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Cyrus-CVS] src/sieve by brong","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-838-1","name":"http://www.ubuntu.com/usn/USN-838-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-838-1: Dovecot vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-2632","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2632","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"2632","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus_imap_server","cpe6":"2.2.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2632","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cmu","cpe5":"cyrus_imap_server","cpe6":"2.3.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2009-2632","qid":"690562","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for cyrus-imapd (012b495c-9d51-11de-8d20-001bd3385381)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T05:59:56.175Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"36377","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/36377"},{"name":"DSA-1881","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2009/dsa-1881"},{"name":"36713","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36713"},{"name":"[Cyrus-CVS] 20090902 src/sieve by brong","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"},{"name":"36629","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36629"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail"},{"name":"[Dovecot-news] 20090914 Security holes in CMU Sieve plugin","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://dovecot.org/list/dovecot-news/2009-September/000135.html"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"[Cyrus-CVS] 20090902 src/sieve by brong","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"},{"name":"36632","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36632"},{"name":"USN-838-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-838-1"},{"name":"58103","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/58103"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT4077"},{"name":"SUSE-SR:2009:016","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"},{"name":"36904","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36904"},{"name":"36698","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36698"},{"name":"36296","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/36296"},{"name":"ADV-2009-2641","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/2641"},{"name":"ADV-2009-2559","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/2559"},{"name":"FEDORA-2009-9559","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"},{"name":"oval:org.mitre.oval:def:10082","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"},{"name":"[oss-security] 20090914 Re: CVE for recent cyrus-imap issue","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/09/14/3"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-09-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-18T12:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"36377","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/36377"},{"name":"DSA-1881","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2009/dsa-1881"},{"name":"36713","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36713"},{"name":"[Cyrus-CVS] 20090902 src/sieve by brong","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"},{"name":"36629","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36629"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail"},{"name":"[Dovecot-news] 20090914 Security holes in CMU Sieve plugin","tags":["mailing-list","x_refsource_MLIST"],"url":"http://dovecot.org/list/dovecot-news/2009-September/000135.html"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"[Cyrus-CVS] 20090902 src/sieve by brong","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"},{"name":"36632","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36632"},{"name":"USN-838-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-838-1"},{"name":"58103","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/58103"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT4077"},{"name":"SUSE-SR:2009:016","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"},{"name":"36904","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36904"},{"name":"36698","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36698"},{"name":"36296","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/36296"},{"name":"ADV-2009-2641","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/2641"},{"name":"ADV-2009-2559","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/2559"},{"name":"FEDORA-2009-9559","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"},{"name":"oval:org.mitre.oval:def:10082","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"},{"name":"[oss-security] 20090914 Re: CVE for recent cyrus-imap issue","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/09/14/3"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2009-2632","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"36377","refsource":"BID","url":"http://www.securityfocus.com/bid/36377"},{"name":"DSA-1881","refsource":"DEBIAN","url":"http://www.debian.org/security/2009/dsa-1881"},{"name":"36713","refsource":"SECUNIA","url":"http://secunia.com/advisories/36713"},{"name":"[Cyrus-CVS] 20090902 src/sieve by brong","refsource":"MLIST","url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.html"},{"name":"36629","refsource":"SECUNIA","url":"http://secunia.com/advisories/36629"},{"name":"https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail","refsource":"CONFIRM","url":"https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.62&r2=1.62.2.1&only_with_tag=cyrus-imapd-2_2-tail"},{"name":"[Dovecot-news] 20090914 Security holes in CMU Sieve plugin","refsource":"MLIST","url":"http://dovecot.org/list/dovecot-news/2009-September/000135.html"},{"name":"APPLE-SA-2010-03-29-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"[Cyrus-CVS] 20090902 src/sieve by brong","refsource":"MLIST","url":"https://lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.html"},{"name":"36632","refsource":"SECUNIA","url":"http://secunia.com/advisories/36632"},{"name":"USN-838-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-838-1"},{"name":"58103","refsource":"OSVDB","url":"http://www.osvdb.org/58103"},{"name":"http://support.apple.com/kb/HT4077","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT4077"},{"name":"SUSE-SR:2009:016","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"},{"name":"36904","refsource":"SECUNIA","url":"http://secunia.com/advisories/36904"},{"name":"36698","refsource":"SECUNIA","url":"http://secunia.com/advisories/36698"},{"name":"36296","refsource":"BID","url":"http://www.securityfocus.com/bid/36296"},{"name":"ADV-2009-2641","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/2641"},{"name":"ADV-2009-2559","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/2559"},{"name":"FEDORA-2009-9559","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"},{"name":"oval:org.mitre.oval:def:10082","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082"},{"name":"[oss-security] 20090914 Re: CVE for recent cyrus-imap issue","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2009/09/14/3"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2009-2632","datePublished":"2009-09-08T23:00:00.000Z","dateReserved":"2009-07-28T00:00:00.000Z","dateUpdated":"2024-08-07T05:59:56.175Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-09-08 23:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*","matchCriteriaId":"EE067B25-86BF-4607-9988-F7564478805A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*","matchCriteriaId":"507FD8BF-2387-4745-A15F-FC7389D02695"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"2632","Ordinal":"1","Title":"CVE-2009-2632","CVE":"CVE-2009-2632","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"2632","Ordinal":"1","NoteData":"Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.","Type":"Description","Title":"CVE-2009-2632"},{"CveYear":"2009","CveId":"2632","Ordinal":"2","NoteData":"2009-09-08","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"2632","Ordinal":"3","NoteData":"2017-09-18","Type":"Other","Title":"Modified"}]}}}