CVE-2010-2813 [Medium] | Denial of Service in Squirrelmail

functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-12	5.30%	2.57%	-2.72%
2	2025-12-28	5.42%	5.30%	-0.12%
3	2025-12-27	—	5.42%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-04-12

5.30%

2.57%

-2.72%

2025-12-28

5.42%

5.30%

-0.12%

2025-12-27

—

5.42%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

2.9

[email protected]

OS Trackers for CVE-2010-2813

vendor	priority	summary	link
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2010-2813
`ubuntu`	low	CVE-2010-2813 low priority: Ubuntu including 1 source packages (squirrelmail), 13 status rows across 13 suites (dapper, hardy, jaunty, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): not-affected 7, ignored 5, released 1.	https://ubuntu.com/security/CVE-2010-2813

Affected software / configurations for CVE-2010-2813

Vendor	Product	Version	Raw CPE
squirrelmail	squirrelmail	<= 1.4.20	cpe:2.3:a:squirrelmail:squirrelmail::::::::
squirrelmail	squirrelmail	1.4	cpe:2.3:a:squirrelmail:squirrelmail:1.4:::::::*
squirrelmail	squirrelmail	1.4	cpe:2.3:a:squirrelmail:squirrelmail:1.4:rc1::::::
squirrelmail	squirrelmail	1.4.0	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:::::::*
squirrelmail	squirrelmail	1.4.0	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc1::::::
squirrelmail	squirrelmail	1.4.0	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:rc2a::::::
squirrelmail	squirrelmail	1.4.0-r1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0-r1:::::::*
squirrelmail	squirrelmail	1.4.0_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:::::::*
squirrelmail	squirrelmail	1.4.0_rc2a	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:::::::*
squirrelmail	squirrelmail	1.4.1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:::::::*
squirrelmail	squirrelmail	1.4.2	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:::::::*
squirrelmail	squirrelmail	1.4.2-r1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r1:::::::*
squirrelmail	squirrelmail	1.4.2-r2	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r2:::::::*
squirrelmail	squirrelmail	1.4.2-r3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r3:::::::*
squirrelmail	squirrelmail	1.4.2-r4	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r4:::::::*
squirrelmail	squirrelmail	1.4.2-r5	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2-r5:::::::*
squirrelmail	squirrelmail	1.4.3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:::::::*
squirrelmail	squirrelmail	1.4.3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:r3::::::
squirrelmail	squirrelmail	1.4.3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:rc1::::::
squirrelmail	squirrelmail	1.4.3_r3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:::::::*
squirrelmail	squirrelmail	1.4.3_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:::::::*
squirrelmail	squirrelmail	1.4.3_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:r1::::::
squirrelmail	squirrelmail	1.4.3a	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:::::::*
squirrelmail	squirrelmail	1.4.3aa	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:::::::*
squirrelmail	squirrelmail	1.4.4	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:::::::*
squirrelmail	squirrelmail	1.4.4	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:rc1::::::
squirrelmail	squirrelmail	1.4.4_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:::::::*
squirrelmail	squirrelmail	1.4.5	cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:::::::*
squirrelmail	squirrelmail	1.4.5	cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:rc1::::::
squirrelmail	squirrelmail	1.4.5_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:::::::*
squirrelmail	squirrelmail	1.4.6	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:::::::*
squirrelmail	squirrelmail	1.4.6	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:rc1::::::
squirrelmail	squirrelmail	1.4.6_cvs	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:::::::*
squirrelmail	squirrelmail	1.4.6_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:::::::*
squirrelmail	squirrelmail	1.4.7	cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:::::::*
squirrelmail	squirrelmail	1.4.8	cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:::::::*
squirrelmail	squirrelmail	1.4.8.4fc6	cpe:2.3:a:squirrelmail:squirrelmail:1.4.8.4fc6:::::::*
squirrelmail	squirrelmail	1.4.9	cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:::::::*
squirrelmail	squirrelmail	1.4.9a	cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:::::::*
squirrelmail	squirrelmail	1.4.10	cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:::::::*
squirrelmail	squirrelmail	1.4.10a	cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:::::::*
squirrelmail	squirrelmail	1.4.11	cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:::::::*
squirrelmail	squirrelmail	1.4.12	cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:::::::*
squirrelmail	squirrelmail	1.4.13	cpe:2.3:a:squirrelmail:squirrelmail:1.4.13:::::::*
squirrelmail	squirrelmail	1.4.15	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:::::::*
squirrelmail	squirrelmail	1.4.15	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1::::::
squirrelmail	squirrelmail	1.4.15_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:::::::*
squirrelmail	squirrelmail	1.4.15rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.15rc1:::::::*
squirrelmail	squirrelmail	1.4.16	cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:::::::*
squirrelmail	squirrelmail	1.4.17	cpe:2.3:a:squirrelmail:squirrelmail:1.4.17:::::::*
squirrelmail	squirrelmail	1.4.18	cpe:2.3:a:squirrelmail:squirrelmail:1.4.18:::::::*
squirrelmail	squirrelmail	1.4.19	cpe:2.3:a:squirrelmail:squirrelmail:1.4.19:::::::*
squirrelmail	squirrelmail	1.4_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:::::::*
squirrelmail	squirrelmail	1.44	cpe:2.3:a:squirrelmail:squirrelmail:1.44:::::::*

References for CVE-2010-2813

URL	Tags
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html
http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://secunia.com/advisories/40964	Vendor Advisory
http://secunia.com/advisories/40971	Vendor Advisory
http://squirrelmail.org/security/issue/2010-07-23	Patch Vendor Advisory
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972
http://support.apple.com/kb/HT5130
http://www.debian.org/security/2010/dsa-2091
http://www.securityfocus.com/bid/42399
http://www.vupen.com/english/advisories/2010/2070	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2080	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=618096
https://exchange.xforce.ibmcloud.com/vulnerabilities/61124

URL

CVE-2010-2813

Exploit prediction scoring system (EPSS) score for CVE-2010-2813

Common vulnerability scoring system (CVSS) metrics for CVE-2010-2813

Weakness enumeration for CVE-2010-2813

OS Trackers for CVE-2010-2813

Affected software / configurations for CVE-2010-2813

References for CVE-2010-2813