CVE-2019-19906
19.12.2019, 18:15
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cyrusimap | cyrus-sasl | 𝑥 < 2.1.28 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
| redhat | jboss_enterprise_web_server | 2.0.0 |
| apple | mac_os_x | 10.14.6 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.4 |
| apple | ipados | 13.6 |
| apple | iphone_os | 13.6 |
| apple | mac_os_x | 𝑥 < 10.13.6 |
| apple | mac_os_x | 10.13.0 ≤ 𝑥 < 10.13.6 |
| apple | mac_os_x | 10.15.0 ≤ 𝑥 < 10.15.6 |
| apple | mac_os_x | 10.13.6 |
| apple | mac_os_x | 10.13.6:security_update_2018-002 |
| apple | mac_os_x | 10.13.6:security_update_2018-003 |
| apple | mac_os_x | 10.13.6:security_update_2019-001 |
| apple | mac_os_x | 10.13.6:security_update_2019-002 |
| apple | mac_os_x | 10.13.6:security_update_2019-003 |
| apple | mac_os_x | 10.13.6:security_update_2019-004 |
| apple | mac_os_x | 10.13.6:security_update_2019-005 |
| apple | mac_os_x | 10.13.6:security_update_2019-006 |
| apple | mac_os_x | 10.13.6:security_update_2019-007 |
| apple | mac_os_x | 10.13.6:security_update_2020-001 |
| apple | mac_os_x | 10.13.6:security_update_2020-002 |
| apple | mac_os_x | 10.13.6:security_update_2020-003 |
| apple | mac_os_x | 10.14.6:security_update_2019-001 |
| apple | mac_os_x | 10.14.6:security_update_2019-002 |
| apple | mac_os_x | 10.14.6:security_update_2019-004 |
| apple | mac_os_x | 10.14.6:security_update_2019-005 |
| apple | mac_os_x | 10.14.6:security_update_2019-006 |
| apple | mac_os_x | 10.14.6:security_update_2019-007 |
| apple | mac_os_x | 10.14.6:security_update_2020-001 |
| apple | mac_os_x | 10.14.6:security_update_2020-002 |
| apple | mac_os_x | 10.14.6:security_update_2020-003 |
| apache | bookkeeper | 4.12.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References