Descriptioncyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2044-1, DSA-4591-1
Debian Bugs947043

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cyrus-sasl2 (PTS)buster, buster (security)2.1.27+dfsg-1+deb10u2fixed
bullseye (security), bullseye2.1.27+dfsg-2.1+deb11u1fixed
bookworm, sid2.1.28+dfsg-10fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Fixed by: (master)
Fixed by: (master)
Fixed by: (cyrus-sasl-2.1.28)
Fixed by: (cyrus-sasl-2.1.28)
DSA-4591-1 applied only the first part of the fix which was incomplete (but can be
considered a functional incomplete fix, thus not warranting a CVE):
The functional incomplete fix was already addressed in unstable with 2.1.27+dfsg2-1

Search for package or bug name: Reporting problems