Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0284

13 documents5 sources

Severity

7.5HIGH

EPSS

78.7%

top 0.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

University OF Washington Imap

Timeline

PublishedApr 16

Latest updateApr 30

Description

Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDuniversity_of_washington/imap12.264

🔴Vulnerability Details

GHSA

GHSA-rj56-vwqm-8wv9: Buffer overflow in University of Washington imapd version 4↗2022-04-30

▶

CVEList

CVE-2000-0284: Buffer overflow in University of Washington imapd version 4↗2000-04-26

▶

💥Exploits & PoCs

Exploit-DB

UoW IMAPd Server - LSUB Buffer Overflow (Metasploit)↗2010-03-26

▶

Exploit-DB

UoW IMAPd Server 10.234/12.264 - Remote Buffer Overflow↗2002-08-01

▶

Exploit-DB

WU-IMAP 2000.287(1-2) - Remote Overflow↗2002-06-25

▶

Exploit-DB

IMAP4rev1 12.261/12.264/2000.284 - 'lsub' Remote Overflow↗2001-03-03

▶

Exploit-DB

IMAP4rev1 10.190 - Authentication Stack Overflow↗2001-01-19

▶

🔍Detection Rules

Suricata

GPL IMAP find overflow attempt↗2010-09-23

▶

Suricata

GPL IMAP rename overflow attempt↗2010-09-23

▶