| Name | CVE-2019-19906 |
| Description | cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-2044-1, DSA-4591-1 |
| Debian Bugs | 947043 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| cyrus-sasl2 (PTS) | buster, buster (security) | 2.1.27+dfsg-1+deb10u2 | fixed |
| bullseye (security), bullseye | 2.1.27+dfsg-2.1+deb11u1 | fixed |
| bookworm | 2.1.28+dfsg-10 | fixed |
| trixie | 2.1.28+dfsg1-4 | fixed |
| sid | 2.1.28+dfsg1-6 | fixed |
The information below is based on the following data on fixed versions.
Notes
https://github.com/cyrusimap/cyrus-sasl/issues/587
Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1 (master)
Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/f96ba043fb9ffd30f7089564164203136506e7ab (master)
Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/332b8c591b662bce4a2dae55cad9784e15096908 (cyrus-sasl-2.1.28)
Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/5ac1beeb574cd9d0a518d72330b19d2460688089 (cyrus-sasl-2.1.28)
https://www.openldap.org/its/index.cgi/Incoming?id=9123
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
DSA-4591-1 applied only the first part of the fix which was incomplete (but can be
considered a functional incomplete fix, thus not warranting a CVE):
https://github.com/cyrusimap/cyrus-sasl/pull/655
The functional incomplete fix was already addressed in unstable with 2.1.27+dfsg2-1