CVE-2005-0667 : Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

Published 2005-03-07 05:00:00

Updated 2008-09-05 20:46:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2005-0667

Redhat » Enterprise Linux » Version: 2.1 Advanced Server Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Workstation Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Workstation Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Advanced Server Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Enterprise Server Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Enterprise Server Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
Matching versions
Redhat » Linux Advanced Workstation » Version: 2.1 Itanium Processor Edition
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
Matching versions
Redhat » Linux Advanced Workstation » Version: 2.1 Ia64 Edition
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
Matching versions
Redhat » Fedora Core » Version: Core 3.0
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.5
cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.6
cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.4
cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.7
cpe:2.3:a:sylpheed:sylpheed:0.9.7:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.8
cpe:2.3:a:sylpheed:sylpheed:0.9.8:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.9
cpe:2.3:a:sylpheed:sylpheed:0.9.9:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.10
cpe:2.3:a:sylpheed:sylpheed:0.9.10:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.12
cpe:2.3:a:sylpheed:sylpheed:0.9.12:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.99
cpe:2.3:a:sylpheed:sylpheed:0.9.99:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 1.0.1
cpe:2.3:a:sylpheed:sylpheed:1.0.1:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.8.11
cpe:2.3:a:sylpheed:sylpheed:0.8.11:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 0.9.11
cpe:2.3:a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 1.0.0
cpe:2.3:a:sylpheed:sylpheed:1.0.0:*:*:*:*:*:*:*
Matching versions
Sylpheed » Sylpheed » Version: 1.0.2
cpe:2.3:a:sylpheed:sylpheed:1.0.2:*:*:*:*:*:*:*
Matching versions
Sylpheed-claws » Sylpheed-claws » Version: 1.0.2
cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:*:*:*:*:*:*:*
Matching versions
Altlinux » Alt Linux » Version: 2.3 Compact Edition
cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*
Matching versions
Altlinux » Alt Linux » Version: 2.3 Junior Edition
cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-0667

EPSS FAQ

5.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-0667

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-0667

http://www.redhat.com/support/errata/RHSA-2005-303.html

Support
Patch;Vendor Advisory
http://sylpheed.good-day.net/changelog-devel.html.en

Patch;Vendor Advisory
http://securitytracker.com/id?1013376

GoDaddy Domain Name Search
Vendor Advisory
http://sylpheed.good-day.net/changelog.html.en

Patch;Vendor Advisory

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml

Sylpheed, Sylpheed-claws: Message reply overflow (GLSA 200503-26) — Gentoo security
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2005-0667

Products affected by CVE-2005-0667

Exploit prediction scoring system (EPSS) score for CVE-2005-0667

CVSS scores for CVE-2005-0667

References for CVE-2005-0667