Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

  • Published: Dec 19, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-19906
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
cyrusimap / cyrus-sasl - 2.1.28
debian / debian_linux 8.0 8.0.x
debian / debian_linux 9.0 9.0.x
debian / debian_linux 10.0 10.0.x
canonical / ubuntu_linux 18.04 18.04.x
canonical / ubuntu_linux 14.04 14.04.x
canonical / ubuntu_linux 19.10 19.10.x
canonical / ubuntu_linux 16.04 16.04.x
canonical / ubuntu_linux 12.04 12.04.x
fedoraproject / fedora 31 31.x
fedoraproject / fedora 32 32.x
redhat / enterprise_linux 7.0 7.0.x
redhat / enterprise_linux 6.0 6.0.x
redhat / jboss_enterprise_web_server 2.0.0 2.0.0.x
redhat / enterprise_linux 5.0 5.0.x
redhat / enterprise_linux 8.0 8.0.x
apple / mac_os_x 10.14.6 10.14.6.x
redhat / enterprise_linux_server_tus 8.4 8.4.x
redhat / enterprise_linux_eus 8.4 8.4.x
redhat / enterprise_linux_server_aus 8.4 8.4.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.4 8.4.x
redhat / enterprise_linux_for_power_little_endian 8.0 8.0.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.4 8.4.x
redhat / enterprise_linux_for_ibm_z_systems 8.0 8.0.x
redhat / enterprise_linux_for_power_little_endian_eus 8.4 8.4.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4 8.4.x
apple / mac_os_x - 10.13.6
apple / mac_os_x 10.13.0 10.13.6
apple / mac_os_x 10.14.6-security_update_2020-001 10.14.6-security_update_2020-001.x
apple / mac_os_x 10.14.6-security_update_2020-002 10.14.6-security_update_2020-002.x
apple / mac_os_x 10.14.6-security_update_2020-003 10.14.6-security_update_2020-003.x
apple / mac_os_x 10.14.6-security_update_2019-007 10.14.6-security_update_2019-007.x
apple / mac_os_x 10.14.6-security_update_2019-004 10.14.6-security_update_2019-004.x
apple / mac_os_x 10.14.6-security_update_2019-005 10.14.6-security_update_2019-005.x
apple / mac_os_x 10.14.6-security_update_2019-006 10.14.6-security_update_2019-006.x
apple / mac_os_x 10.13.6-security_update_2020-001 10.13.6-security_update_2020-001.x
apple / mac_os_x 10.13.6-security_update_2020-002 10.13.6-security_update_2020-002.x
apple / mac_os_x 10.13.6-security_update_2020-003 10.13.6-security_update_2020-003.x
apple / mac_os_x 10.13.6-security_update_2018-003 10.13.6-security_update_2018-003.x
apple / mac_os_x 10.13.6-security_update_2018-002 10.13.6-security_update_2018-002.x
apple / mac_os_x 10.13.6-security_update_2019-003 10.13.6-security_update_2019-003.x
apple / mac_os_x 10.13.6-security_update_2019-002 10.13.6-security_update_2019-002.x
apple / mac_os_x 10.13.6-security_update_2019-001 10.13.6-security_update_2019-001.x
apple / mac_os_x 10.13.6-security_update_2019-007 10.13.6-security_update_2019-007.x
apple / mac_os_x 10.13.6-security_update_2019-006 10.13.6-security_update_2019-006.x
apple / mac_os_x 10.13.6-security_update_2019-005 10.13.6-security_update_2019-005.x
apple / mac_os_x 10.13.6-security_update_2019-004 10.13.6-security_update_2019-004.x
apple / mac_os_x 10.13.6 10.13.6.x
apple / mac_os_x 10.14.6-security_update_2019-001 10.14.6-security_update_2019-001.x
apple / mac_os_x 10.14.6-security_update_2019-002 10.14.6-security_update_2019-002.x
apple / iphone_os 13.6 13.6.x
apple / ipados 13.6 13.6.x
apple / mac_os_x 10.15.0 10.15.6
apache / bookkeeper 4.12.1 4.12.1.x