CVE-2004-0224
Published 2004-04-15
Priority P432, high, 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.26% (86.8th percentile)
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | courier | < courier 0.45.1-1 (bookworm) | courier 0.45.1-1 (bookworm) |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | >= 0 < 0.45.1-1 | 0.45.1-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.45.1-1 | 0.45.1-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.45.1-1 | 0.45.1-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.45.1-1 | 0.45.1-1 |
| double_precision_incorporated | sqwebmail | — | — |
| double_precision_incorporated | sqwebmail | — | — |
| double_precision_incorporated | sqwebmail | — | — |
| double_precision_incorporated | sqwebmail | — | — |
| double_precision_incorporated | sqwebmail | — | — |
| gentoo | linux | — | — |
| inter7 | courier-imap | — | — |
| inter7 | courier-imap | — | — |
| inter7 | courier-imap | — | — |
| inter7 | courier-imap | — | — |
| inter7 | courier-imap | — | — |
| inter7 | courier-imap | — | — |
| inter7 | courier-imap | — | — |
| inter7 | courier-imap | — | — |
CVSS provenance
nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH
Debian
CVE-2004-0224 [HIGH]: courier - Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP ...
vendor_debian·2004·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 0.45.1-1)
bullseye: resolved (fixed in 0.45.1-1)
forky: resolved (fixed in 0.45.1-1)
sid: resolved (fixed in 0.45.1-1)
trixie: resolved (fixed in 0.45.1-1)
GHSA
GHSA-cmmx-rvgh-2vxw [HIGH]: Multiple buffer overflows in (1) iso2022jp
ghsa_unreviewed·2022-04-29
OSV
CVE-2004-0224 [HIGH]: Multiple buffer overflows in (1) iso2022jp
osv·2004-04-15·CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://secunia.com/advisories/11087/
http://sourceforge.net/project/shownotes.php?release_id=5767
http://www.securityfocus.com/bid/9845
https://exchange.xforce.ibmcloud.com/vulnerabilities/15434