Unrated severityNVD Advisory· Published Jan 18, 2013· Updated Apr 29, 2026

CVE-2012-2124

Description

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

Affected products

SquirrelMail/Squirrelmail
cpe:2.3:a:squirrelmail:squirrelmail:-:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-0126.htmlnvdVendor Advisory
secunia.com/advisories/51730nvdVendor Advisory
www.openwall.com/lists/oss-security/2012/04/20/22nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000