Vulnerability Details : CVE-2008-5514
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Vulnerability category: Overflow, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-5514
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 %
CVSS scores for CVE-2008-5514
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2008-5514
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-5514
- Red Hat 2009-01-12: Not vulnerable. This issue did not affect the versions of imap as shipped with Red Hat Enterprise Linux 2.1 and 3, and the versions of libc-client as shipped with Red Hat Enterprise Linux 4 and 5.
- http://www.washington.edu/imap/documentation/RELNOTES.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
- http://www.securityfocus.com/bid/32958
- https://bugzilla.redhat.com/show_bug.cgi?id=477227
- http://www.vupen.com/english/advisories/2008/3490
- http://securitytracker.com/id?1021485
- https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47526
- cpe:2.3:a:university_of_washington:imap:*:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006h:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006g:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004g:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2001:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2001a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006j:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006i:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2007:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004e:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004f:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002e:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002f:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2007b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006f:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006e:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006d:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2007a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006k:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006c:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004c:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004d:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002c:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002d:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000c:*:*:*:*:*:*:*