CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Published: May 23, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-1926
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
cmu / cyrus_imap_server	2.2.12	2.2.12.x
cmu / cyrus_imap_server	2.3.13	2.3.13.x
cmu / cyrus_imap_server	2.2.13p1	2.2.13p1.x
cmu / cyrus_imap_server	2.3.12	2.3.12.x
cmu / cyrus_imap_server	2.4.1	2.4.1.x
cmu / cyrus_imap_server	2.1.17	2.1.17.x
cmu / cyrus_imap_server	2.4.5	2.4.5.x
cmu / cyrus_imap_server	2.3.6	2.3.6.x
cmu / cyrus_imap_server	2.3.0	2.3.0.x
cmu / cyrus_imap_server	2.2.11	2.2.11.x
cmu / cyrus_imap_server	2.3.14	2.3.14.x
cmu / cyrus_imap_server	2.3.2	2.3.2.x
cmu / cyrus_imap_server	-	2.4.6.x
cmu / cyrus_imap_server	2.4.0	2.4.0.x
cmu / cyrus_imap_server	2.3.11	2.3.11.x
cmu / cyrus_imap_server	2.3.8	2.3.8.x
cmu / cyrus_imap_server	2.3.5	2.3.5.x
cmu / cyrus_imap_server	2.2.9	2.2.9.x
cmu / cyrus_imap_server	2.4.3	2.4.3.x
cmu / cyrus_imap_server	2.4.4	2.4.4.x
cmu / cyrus_imap_server	2.3.9	2.3.9.x
cmu / cyrus_imap_server	2.3.10	2.3.10.x
cmu / cyrus_imap_server	2.2.13	2.2.13.x
cmu / cyrus_imap_server	2.1.16	2.1.16.x
cmu / cyrus_imap_server	2.3.7	2.3.7.x
cmu / cyrus_imap_server	2.2.8	2.2.8.x
cmu / cyrus_imap_server	2.3.16	2.3.16.x
cmu / cyrus_imap_server	2.0.17	2.0.17.x
cmu / cyrus_imap_server	2.3.1	2.3.1.x
cmu / cyrus_imap_server	2.4.2	2.4.2.x
cmu / cyrus_imap_server	2.3.4	2.3.4.x
cmu / cyrus_imap_server	2.2.10	2.2.10.x
cmu / cyrus_imap_server	2.1.18	2.1.18.x
cmu / cyrus_imap_server	2.3.3	2.3.3.x
cmu / cyrus_imap_server	2.3.15	2.3.15.x

Vulnerability Database

300,445

CVE-2011-1926

Deep Security Visibility Without the Complexity