CVE-2005-0100

11 documents9 sources

Severity

7.5HIGH

EPSS

2.8%

top 13.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Emacs GNU Xemacs

Timeline

PublishedFeb 7

Latest updateMay 1

Description

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Debianxemacs21< 21.4.16-2+1

▶NVDgnu/xemacs21.4

▶NVDgnu/emacs20.0+1

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-39qf-gxpw-7vqf: Format string vulnerability in the movemail utility in (1) Emacs 20↗2022-05-01

▶

CVEList

CVE-2005-0100: Format string vulnerability in the movemail utility in (1) Emacs 20↗2005-02-08

▶

OSV

CVE-2005-0100: Format string vulnerability in the movemail utility in (1) Emacs 20↗2005-02-07

▶

💥Exploits & PoCs

Exploit-DB

Neslo Desktop Rover 3.0 - Malformed Packet Remote Denial of Service↗2005-04-20

▶

📋Vendor Advisories

Ubuntu

Emacs vulnerability↗2005-02-07

▶

Red Hat

security flaw↗2005-02-06

▶

Debian

CVE-2005-0100: xemacs21 - Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and...↗2005

▶

💬Community

Bugzilla

CVE-2005-0100 security flaw↗2018-08-16

▶

Bugzilla

CAN-2005-0100 xemacs string format issue↗2005-02-10

▶