Inefficient Algorithmic Complexity

CVE-2021-33582

High

7.5/10

Summary

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-407 - Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References

Advisory Timeline

Published Sep 01, 2021

Inefficient Algorithmic Complexity

CVE-2021-33582

Summary

CWE-407 - Inefficient Algorithmic Complexity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS