CVE-2004-1012

NONE EPSS 92.4%
Published Jan 10, 200521y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.

Threat Intelligence

EPSS Exploit Probability
92.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 23

VendorProductVersionRange
carnegie_mellon_universitycyrus_imap_server2.1.7any
carnegie_mellon_universitycyrus_imap_server2.1.9any
carnegie_mellon_universitycyrus_imap_server2.1.10any
carnegie_mellon_universitycyrus_imap_server2.1.16any
carnegie_mellon_universitycyrus_imap_server2.2.0_alphaany
carnegie_mellon_universitycyrus_imap_server2.2.1_betaany
carnegie_mellon_universitycyrus_imap_server2.2.2_betaany
carnegie_mellon_universitycyrus_imap_server2.2.3any
carnegie_mellon_universitycyrus_imap_server2.2.4any
carnegie_mellon_universitycyrus_imap_server2.2.5any
carnegie_mellon_universitycyrus_imap_server2.2.6any
carnegie_mellon_universitycyrus_imap_server2.2.7any
carnegie_mellon_universitycyrus_imap_server2.2.8any
openpkgopenpkgcurrentany
conectivalinux9.0any
conectivalinux10.0any
redhatfedora_corecore_2.0any
redhatfedora_corecore_3.0any
trustixsecure_linux2.0any
trustixsecure_linux2.1any
trustixsecure_linux2.2any
ubuntuubuntu_linux4.1any
ubuntuubuntu_linux4.1any

References 10

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.