Carnegie Mellon University: >> Cyrus-Sasl Security Vulnerabilities
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
CVSS Score
7.5
EPSS Score
0.314
Published
2009-05-15
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-12-19