CVE-2005-0373

9 documents7 sources

Severity

7.5HIGH

EPSS

4.8%

top 10.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server Conectiva Linux +5 more

Timeline

PublishedOct 7

Latest updateMay 1

Description

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages9 packages

▶Debiancyrus-sasl2< 2.1.19.dfsg1-0sarge2+3

▶NVDcyrus/sasl14 versions+13

▶NVDapple/mac_os_x29 versions+28

▶NVDconectiva/linux10.0, 9.0+1

▶NVDopenpkg/openpkg2.1, 2.2+1

Patches

Patch: www.gentoo.org ↗Patch: www.linuxcompatible.org ↗Patch: www.monkey.org ↗

🔴Vulnerability Details

GHSA

GHSA-48q4-vrg4-8rx4: Buffer overflow in digestmd5↗2022-05-01

▶

CVEList

CVE-2005-0373: Buffer overflow in digestmd5↗2005-02-13

▶

OSV

CVE-2005-0373: Buffer overflow in digestmd5↗2004-10-07

▶

📋Vendor Advisories

Debian

CVE-2005-0373: cyrus-sasl2 - Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5...↗2005

▶

Red Hat

CVE-2005-0373: Buffer overflow in digestmd5↗

▶

💬Community

Bugzilla

Remote buffer overflow in the digestmd5.c↗2005-02-25

▶

Bugzilla

Remote buffer overflow in the digestmd5.c↗2005-02-25

▶

Bugzilla

Remote buffer overflow in the digestmd5.c↗2005-02-25

▶