Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0777

CWE-134 โ€” Uncontrolled Format String6 documents6 sources
Severity
7.5HIGH
EPSS
15.9%
top 5.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Inter7 Courier-imap
Timeline
PublishedOct 20
Latest updateApr 29

Description

Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

โ–ถNVDinter7/courier-imap8 versions+7
โ–ถDebiancourier< 0.45.6-1+3

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-25j9-9wxp-hpp7: Format string vulnerability in the auth_debug function in Courier-IMAP 1โ†—2022-04-29
โ–ถ
OSV
CVE-2004-0777: Format string vulnerability in the auth_debug function in Courier-IMAP 1โ†—2004-10-20
โ–ถ
CVEList
CVE-2004-0777: Format string vulnerability in the auth_debug function in Courier-IMAP 1โ†—2004-08-19
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
Courier-IMAP 3.0.2-r1 - 'auth_debug()' Remote Format Stringโ†—2004-09-02
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Debian
CVE-2004-0777: courier - Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 thr...โ†—2004
โ–ถ
CVE-2004-0777 (HIGH CVSS 7.5) | Format string vulnerability in the | cvebase.io