CVE-2009-2632 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-2632 Interim 1 5 2023-12-09T02:03:15Z current 2021-05-30T12:47:50Z 2023-12-09T02:03:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-2632 Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62/#ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62 E-Mail link for SUSE-SR:2009:016 https://www.suse.com/support/security/rating/ SUSE Security Ratings Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. CVE-2009-2632 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P