Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Apr 16, 2026

CVE-2004-1013

Description

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.

Affected products

Conectiva/Linux2 versions
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
Red Hat/Fedora Core2 versions
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
Trustix/Secure Linux3 versions
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
Carnegie Mellon University/Cyrus Imap Server13 versions
cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.0_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.1_beta:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.2_beta:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:carnegie_mellon_university:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
OpenPKG/Openpkg
cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*
Ubuntu/Linux2 versions
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*+ 1 more
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2004/dsa-597nvdPatchVendor Advisory
asg.web.cmu.edu/archive/message.phpnvd
asg.web.cmu.edu/cyrus/download/imapd/changes.htmlnvd
marc.infonvd
secunia.com/advisories/13274/nvd
security.e-matters.de/advisories/152004.htmlnvd
security.gentoo.org/glsa/glsa-200411-34.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.ubuntu.com/usn/usn-31-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000