CVE-2008-5514: Buffer Overflow
First published: Fri Dec 19 2008(Updated: )
Ludwig Nussel reported a flaw in libc-client / uw-imap: The rfc822_output_char() function in the uw-imap c-client library does not check whether the buffer is already full and may therefore write one byte too much. This leads to a segfault in rfc822_output_data() later due to memcpy with size -1. Issue was fixed in imap-2007e: Updated: 16 December 2008 imap-2007e is a maintenance release, consisting primarily of bugfixes to problems discovered in the release that affected a small number of users plus a security fix for users of the RFC822BUFFER routines.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| University of Washington c-client | <=2007d | |
| University of Washington c-client | =2000 | |
| University of Washington c-client | =2000a | |
| University of Washington c-client | =2000b | |
| University of Washington c-client | =2000c | |
| University of Washington c-client | =2001 | |
| University of Washington c-client | =2001a | |
| University of Washington c-client | =2002 | |
| University of Washington c-client | =2002a | |
| University of Washington c-client | =2002b | |
| University of Washington c-client | =2002c | |
| University of Washington c-client | =2002d | |
| University of Washington c-client | =2002e | |
| University of Washington c-client | =2002f | |
| University of Washington c-client | =2004 | |
| University of Washington c-client | =2004a | |
| University of Washington c-client | =2004b | |
| University of Washington c-client | =2004c | |
| University of Washington c-client | =2004d | |
| University of Washington c-client | =2004e | |
| University of Washington c-client | =2004f | |
| University of Washington c-client | =2004g | |
| University of Washington c-client | =2006 | |
| University of Washington c-client | =2006a | |
| University of Washington c-client | =2006b | |
| University of Washington c-client | =2006c | |
| University of Washington c-client | =2006d | |
| University of Washington c-client | =2006e | |
| University of Washington c-client | =2006f | |
| University of Washington c-client | =2006g | |
| University of Washington c-client | =2006h | |
| University of Washington c-client | =2006i | |
| University of Washington c-client | =2006j | |
| University of Washington c-client | =2006k | |
| University of Washington c-client | =2007 | |
| University of Washington c-client | =2007a | |
| University of Washington c-client | =2007b |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=327481&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=327481&action=edit
- https://svn.cac.washington.edu/public/alpine/snapshots/
- http://admin.fedoraproject.org/updates/uw-imap-2007e-1.fc10
- http://admin.fedoraproject.org/updates/uw-imap-2007e-1.fc9
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653238
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=770368
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=770369
- http://re-alpine.sourceforge.net/
- http://re-alpine.git.sourceforge.net/git/gitweb.cgi?p=re-alpine/re-alpine;a=commitdiff;h=3f20a0fc24537497ca1291ed04c8fb9848a19978;hp=1880d23af62bfdd11c9b43235429b81984093c99
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=477227#c16
- http://koji.fedoraproject.org/packages/alpine/2.00/1.el4
- http://koji.fedoraproject.org/packages/alpine/2.00/1.el5
- http://koji.fedoraproject.org/packages/alpine/2.00/9.el6
- http://pkgs.fedoraproject.org/gitweb/?p=alpine.git;a=commitdiff;h=d18633bd1ab8cda7bf96240aa6a29ec178166b52
- https://admin.fedoraproject.org/updates/alpine-2.02-3.el5
- https://admin.fedoraproject.org/updates/alpine-2.02-3.el6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=477227#c19
- https://admin.fedoraproject.org/updates/alpine-2.02-3.el4
- https://bugzilla.redhat.com/show_bug.cgi?id=477227
- http://secunia.com/advisories/33275
- http://secunia.com/advisories/33638
- http://securitytracker.com/id?1021485
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
- http://www.securityfocus.com/bid/32958
- http://www.vupen.com/english/advisories/2008/3490
- http://www.washington.edu/imap/documentation/RELNOTES.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47526
- https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html
Frequently Asked Questions
What is the severity of CVE-2008-5514?
The severity of CVE-2008-5514 is classified as high due to potential segmentation faults leading to application crashes.
How do I fix CVE-2008-5514?
To fix CVE-2008-5514, upgrade the University of Washington c-client library to a version later than 2007d.
What software is affected by CVE-2008-5514?
CVE-2008-5514 affects various versions of the University of Washington c-client, specifically all versions prior to 2007d.
What type of vulnerability is CVE-2008-5514?
CVE-2008-5514 is a memory corruption vulnerability that can result in buffer overflow issues.
Who reported CVE-2008-5514?
CVE-2008-5514 was reported by Ludwig Nussel.
- collector/redhat-bugzilla
- alias/CVE-2008-5514
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/university of washington
- canonical/university of washington c-client
- version/university of washington c-client/2007d
- version/university of washington c-client/2000
- version/university of washington c-client/2000a
- version/university of washington c-client/2000b
- version/university of washington c-client/2000c
- version/university of washington c-client/2001
- version/university of washington c-client/2001a
- version/university of washington c-client/2002
- version/university of washington c-client/2002a
- version/university of washington c-client/2002b
- version/university of washington c-client/2002c
- version/university of washington c-client/2002d
- version/university of washington c-client/2002e
- version/university of washington c-client/2002f
- version/university of washington c-client/2004
- version/university of washington c-client/2004a
- version/university of washington c-client/2004b
- version/university of washington c-client/2004c
- version/university of washington c-client/2004d
- version/university of washington c-client/2004e
- version/university of washington c-client/2004f
- version/university of washington c-client/2004g
- version/university of washington c-client/2006
- version/university of washington c-client/2006a
- version/university of washington c-client/2006b
- version/university of washington c-client/2006c
- version/university of washington c-client/2006d
- version/university of washington c-client/2006e
- version/university of washington c-client/2006f
- version/university of washington c-client/2006g
- version/university of washington c-client/2006h
- version/university of washington c-client/2006i
- version/university of washington c-client/2006j
- version/university of washington c-client/2006k
- version/university of washington c-client/2007
- version/university of washington c-client/2007a
- version/university of washington c-client/2007b