Cyrus IMAP Server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of- service condition. Cyrus IMAP Server versions prior to 2.3.17 and 2.4.11 are vulnerable.
Updates are available. Please see the references for more information.