CVE-2021-32056
Publication date 10 May 2021
Last updated 25 August 2025
Ubuntu priority
Description
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| cyrus-imapd | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
References
Other references
- https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
- https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
- https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html
- https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html
- https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released
- https://www.cve.org/CVERecord?id=CVE-2021-32056