CVE-2005-1521

5 documents5 sources

Severity

7.5HIGH

EPSS

4.1%

top 11.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Mailutils

Timeline

PublishedMay 26

Latest updateMay 1

Description

Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianmailutils< 1:0.6.1-3+3

▶NVDgnu/mailutils0.5, 0.6+1

Patches

Patch: www.idefense.com ↗Patch: www.securityfocus.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-p738-58m7-hr43: Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0↗2022-05-01

▶

OSV

CVE-2005-1521: Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0↗2005-05-26

▶

CVEList

CVE-2005-1521: Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0↗2005-05-26

▶

📋Vendor Advisories

Debian

CVE-2005-1521: mailutils - Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils ...↗2005

▶