CVE-2015-8614: Buffer Overflow
First published: Mon Apr 11 2016(Updated: )
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Claws-Mail | <=3.13.0 | |
| openSUSE | =42.1 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00000.html
- http://www.claws-mail.org/news.php
- http://www.debian.org/security/2016/dsa-3452
- http://www.openwall.com/lists/oss-security/2015/12/21/10
- http://www.openwall.com/lists/oss-security/2015/12/22/2
- http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
- https://security.gentoo.org/glsa/201606-11
- http://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=d390fa07f5548f3173dd9cc13b233db5ce934c82
Frequently Asked Questions
What is the severity of CVE-2015-8614?
CVE-2015-8614 has a high severity rating due to the possibility of remote code execution through crafted emails.
How do I fix CVE-2015-8614?
To fix CVE-2015-8614, upgrade Claws Mail to version 3.13.1 or later.
What versions of Claws Mail are affected by CVE-2015-8614?
CVE-2015-8614 affects all versions of Claws Mail prior to 3.13.1.
Can CVE-2015-8614 be exploited remotely?
Yes, CVE-2015-8614 can be exploited remotely via specially crafted emails.
What functions are involved in the vulnerability CVE-2015-8614?
The functions involved in CVE-2015-8614 are conv_jistoeuc, conv_euctojis, and conv_sjistoeuc in codeconv.c.
- agent/type
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/claws-mail
- canonical/claws-mail
- version/claws-mail/3.13.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.1
- version/opensuse/13.1
- version/opensuse/13.2