A flaw was found in cyrus-imapd 2.4, 2.5, 3.0, 3.2 and 3.4. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU DOS by maliciously directing many inputs to a single bucket.
Created cyrus-imapd tracking bugs for this issue: Affects: fedora-all [bug 2000080]
References: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.2.html https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.8.html https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.16.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3493 https://access.redhat.com/errata/RHSA-2021:3493
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3492 https://access.redhat.com/errata/RHSA-2021:3492
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-33582
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3546 https://access.redhat.com/errata/RHSA-2021:3546