Vulnerability Details : CVE-2008-5514
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2008-5514
- cpe:2.3:a:university_of_washington:imap:*:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006h:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006g:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004g:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2001:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2001a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006j:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006i:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2007:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004e:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004f:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002e:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002f:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2007b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006f:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006e:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006d:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2007a:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006k:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006c:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2006b:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004c:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2004d:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002c:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2002d:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_washington:imap:2000c:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5514
0.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5514
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2008-5514
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-5514
-
Red Hat 2009-01-12Not vulnerable. This issue did not affect the versions of imap as shipped with Red Hat Enterprise Linux 2.1 and 3, and the versions of libc-client as shipped with Red Hat Enterprise Linux 4 and 5.
References for CVE-2008-5514
-
http://www.washington.edu/imap/documentation/RELNOTES.html
Page not found | University of Washington
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:146
Mandriva
-
http://www.securityfocus.com/bid/32958
-
https://bugzilla.redhat.com/show_bug.cgi?id=477227
477227 – (CVE-2008-5514) CVE-2008-5514 libc-client: buffer overflow in rfc822_output_char / rfc822_output_data
-
http://www.vupen.com/english/advisories/2008/3490
Site en construction
-
http://securitytracker.com/id?1021485
Access Denied
-
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html
[SECURITY] Fedora 9 Update: uw-imap-2007e-1.fc9
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/47526
UW-imapd rfc822_output_char() denial of service CVE-2008-5514 Vulnerability Report
Jump to