Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0128

8 documents8 sources
Severity
5.0MEDIUM
EPSS
34.5%
top 3.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Ximian Evolution
Timeline
PublishedMar 24
Latest updateApr 29

Description

The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDximian/evolution10 versions+9
Debianevolution< 1.2.3+3

Patches

Patch: www.coresecurity.comPatch: www.securityfocus.comPatch: www.coresecurity.com

🔴Vulnerability Details

3
GHSA
GHSA-4vwm-wf8m-g2v8: The try_uudecoding function in mail-format2022-04-29
OSV
CVE-2003-0128: The try_uudecoding function in mail-format2003-03-24
CVEList
CVE-2003-0128: The try_uudecoding function in mail-format2003-03-21

💥Exploits & PoCs

1
Exploit-DB
Ximian Evolution 1.x - UUEncoding Denial of Service2003-03-17

📋Vendor Advisories

2
Red Hat
security flaw2003-03-19
Debian
CVE-2003-0128: evolution - The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agen...2003

💬Community

1
Bugzilla
CVE-2003-0128 security flaw2018-08-16
CVE-2003-0128 (MEDIUM CVSS 5) | The try_uudecoding function in mail | cvebase.io