CVE-2008-5514: Buffer Overflow
First published: Fri Dec 19 2008(Updated: )
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| University of Washington imap | =2002 | |
| University of Washington imap | =2006e | |
| University of Washington imap | =2004b | |
| University of Washington imap | =2004d | |
| University of Washington imap | =2004f | |
| University of Washington imap | =2006a | |
| University of Washington imap | =2002d | |
| University of Washington imap | =2002f | |
| University of Washington imap | =2004 | |
| University of Washington imap | =2006k | |
| University of Washington imap | =2004a | |
| University of Washington imap | =2004c | |
| University of Washington imap | =2001a | |
| University of Washington imap | =2006j | |
| University of Washington imap | =2000 | |
| University of Washington imap | =2006f | |
| University of Washington imap | =2006h | |
| University of Washington imap | =2002a | |
| University of Washington imap | <=2007d | |
| University of Washington imap | =2007 | |
| University of Washington imap | =2001 | |
| University of Washington imap | =2006 | |
| University of Washington imap | =2007a | |
| University of Washington imap | =2007b | |
| University of Washington imap | =2006b | |
| University of Washington imap | =2006c | |
| University of Washington imap | =2004e | |
| University of Washington imap | =2000b | |
| University of Washington imap | =2002b | |
| University of Washington imap | =2006i | |
| University of Washington imap | =2000a | |
| University of Washington imap | =2004g | |
| University of Washington imap | =2000c | |
| University of Washington imap | =2002c | |
| University of Washington imap | =2006d | |
| University of Washington imap | =2002e | |
| University of Washington imap | =2006g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/33275
- http://www.washington.edu/imap/documentation/RELNOTES.html
- https://bugzilla.redhat.com/show_bug.cgi?id=477227
- http://securitytracker.com/id?1021485
- http://www.securityfocus.com/bid/32958
- http://secunia.com/advisories/33638
- https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
- http://www.vupen.com/english/advisories/2008/3490
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47526
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/university of washington
- canonical/university of washington imap
- version/university of washington imap/2002
- version/university of washington imap/2006e
- version/university of washington imap/2004b
- version/university of washington imap/2004d
- version/university of washington imap/2004f
- version/university of washington imap/2006a
- version/university of washington imap/2002d
- version/university of washington imap/2002f
- version/university of washington imap/2004
- version/university of washington imap/2006k
- version/university of washington imap/2004a
- version/university of washington imap/2004c
- version/university of washington imap/2001a
- version/university of washington imap/2006j
- version/university of washington imap/2000
- version/university of washington imap/2006f
- version/university of washington imap/2006h
- version/university of washington imap/2002a
- version/university of washington imap/2007d
- version/university of washington imap/2007
- version/university of washington imap/2001
- version/university of washington imap/2006
- version/university of washington imap/2007a
- version/university of washington imap/2007b
- version/university of washington imap/2006b
- version/university of washington imap/2006c
- version/university of washington imap/2004e
- version/university of washington imap/2000b
- version/university of washington imap/2002b
- version/university of washington imap/2006i
- version/university of washington imap/2000a
- version/university of washington imap/2004g
- version/university of washington imap/2000c
- version/university of washington imap/2002c
- version/university of washington imap/2006d
- version/university of washington imap/2002e
- version/university of washington imap/2006g