Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1523

6 documents6 sources

Severity

7.5HIGH

EPSS

14.1%

top 5.64%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

GNU Mailutils

Timeline

PublishedMay 26

Latest updateMay 1

Description

Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianmailutils< 1:0.6.1-3+3

▶NVDgnu/mailutils0.5, 0.6+1

Patches

Patch: www.idefense.com ↗Patch: www.securityfocus.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-xwqj-7mqr-967j: Format string vulnerability in imap4d server in GNU Mailutils 0↗2022-05-01

▶

CVEList

CVE-2005-1523: Format string vulnerability in imap4d server in GNU Mailutils 0↗2005-05-26

▶

OSV

CVE-2005-1523: Format string vulnerability in imap4d server in GNU Mailutils 0↗2005-05-26

▶

💥Exploits & PoCs

Exploit-DB

GNU Mailutils imap4d 0.6 - Remote Format String↗2005-08-01

▶

📋Vendor Advisories

Debian

CVE-2005-1523: mailutils - Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and o...↗2005

▶