Vulnerability Details: CVE-2007-2958
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
Vulnerability category: Execute code
Products affected by CVE-2007-2958
- cpe:2.3:a:sylpheed:sylpheed:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.9.100:*:*:*:*:*:*:*
- cpe:2.3:a:sylpheed-claws:sylpheed-claws:2.10.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2958
- EPSS score: 2.57% (probability of exploitation activity in the next 30 days)
- Percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-2958
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
Vendor statements for CVE-2007-2958
- Red Hat, 2007-08-28: Not vulnerable. This issue did not affect the version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5.
References for CVE-2007-2958
- http://www.securityfocus.com/bid/25430
- http://security.gentoo.org/glsa/glsa-200710-29.xml
  Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code (GLSA 200710-29) — Gentoo security
- https://bugzilla.redhat.com/show_bug.cgi?id=254121
  254121 – (CVE-2007-2958) CVE-2007-2958 claws-mail format string vulnerability
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html
  [SECURITY] Fedora 7 Update: claws-mail-3.0.0-1.fc7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36238
  Sylpheed inc_put_error() function format string CVE-2007-2958 Vulnerability Report
- http://www.vupen.com/english/advisories/2007/2971
- http://www.novell.com/linux/security/advisories/2007_20_sr.html
- http://bugs.gentoo.org/show_bug.cgi?id=190104
  190104 – mail-client/{sylpheed, claws-mail} POP3 format string vulnerability (CVE-2007-2958)