Unrated severityNVD Advisory· Published Sep 14, 2011· Updated Apr 29, 2026
CVE-2011-3208
CVE-2011-3208
Description
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
Affected products
40cpe:2.3:a:cmu:cyrus_imap_server:*:*:*:*:*:*:*:*+ 39 more
- cpe:2.3:a:cmu:cyrus_imap_server:*:*:*:*:*:*:*:*range: <=2.3.16
- cpe:2.3:a:cmu:cyrus_imap_server:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.13p1:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:cmu:cyrus_imap_server:2.4.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- git.cyrusimap.org/cyrus-imapd/commit/nvdPatch
- git.cyrusimap.org/cyrus-imapd/commit/nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/45938nvdVendor Advisory
- secunia.com/advisories/45975nvdVendor Advisory
- secunia.com/advisories/46064nvdVendor Advisory
- asg.andrew.cmu.edu/archive/message.phpnvd
- asg.andrew.cmu.edu/archive/message.phpnvd
- lists.opensuse.org/opensuse-updates/2011-09/msg00019.htmlnvd
- securitytracker.com/idnvd
- www.debian.org/security/2011/dsa-2318nvd
- www.mandriva.com/security/advisoriesnvd
- www.osvdb.org/75307nvd
- www.redhat.com/support/errata/RHSA-2011-1317.htmlnvd
- www.securityfocus.com/bid/49534nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/69679nvd
- hermes.opensuse.org/messages/11723935nvd
News mentions
0No linked articles in our index yet.