The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
2014-04-28T14:09:06.157
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | zarafa | zarafa | ≤ 6.20 | Yes |
| Application | zarafa | zarafa | 5.00 | Yes |
| Application | zarafa | zarafa | 5.01 | Yes |
| Application | zarafa | zarafa | 5.02 | Yes |
| Application | zarafa | zarafa | 5.10 | Yes |
| Application | zarafa | zarafa | 5.11 | Yes |
| Application | zarafa | zarafa | 5.20 | Yes |
| Application | zarafa | zarafa | 5.22 | Yes |
| Application | zarafa | zarafa | 6.00 | Yes |
| Application | zarafa | zarafa | 6.01 | Yes |
| Application | zarafa | zarafa | 6.02 | Yes |
| Application | zarafa | zarafa | 6.03 | Yes |
| Application | zarafa | zarafa | 6.10 | Yes |
| Application | zarafa | zarafa | 6.11 | Yes |
| Application | zarafa | zarafa | 7.1.8 | Yes |