Unrated severityNVD Advisory· Published Sep 8, 2009· Updated Jun 16, 2026
CVE-2009-2632
CVE-2009-2632
Description
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
- Range: 2.2.13 and 2.3.14
- Range: <1.0.4 and <1.1.7
Patches
Vulnerability mechanics
References
22- www.debian.org/security/2009/dsa-1881nvdPatch
- www.securityfocus.com/bid/36296nvdPatch
- www.vupen.com/english/advisories/2009/2559nvdPatchVendor Advisory
- secunia.com/advisories/36629nvdVendor Advisory
- secunia.com/advisories/36632nvdVendor Advisory
- dovecot.org/list/dovecot-news/2009-September/000135.htmlnvd
- lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlnvd
- secunia.com/advisories/36698nvd
- secunia.com/advisories/36713nvd
- secunia.com/advisories/36904nvd
- support.apple.com/kb/HT4077nvd
- www.openwall.com/lists/oss-security/2009/09/14/3nvd
- www.osvdb.org/58103nvd
- www.securityfocus.com/bid/36377nvd
- www.ubuntu.com/usn/USN-838-1nvd
- www.vupen.com/english/advisories/2009/2641nvd
- bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diffnvd
- lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001253.htmlnvd
- lists.andrew.cmu.edu/pipermail/cyrus-cvs/2009-September/001254.htmlnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10082nvd
- www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.htmlnvd
News mentions
0No linked articles in our index yet.