CVE-2005-2549 — Use of Externally-Controlled Format String in Evolution

7 documents7 sources
Severity
7.5HIGHNVD
EPSS
2.9%
top 13.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Evolution
Timeline
PublishedAug 12
Latest updateMay 1

Description

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

â–¶Debiangnome/evolution< 2.2.3-3+3
â–¶NVDgnome/evolution10 versions+9

🔴Vulnerability Details

3
GHSA
GHSA-hprr-486w-7hgg: Multiple format string vulnerabilities in Evolution 1↗2022-05-01
â–¶
CVEList
CVE-2005-2549: Multiple format string vulnerabilities in Evolution 1↗2005-08-12
â–¶
OSV
CVE-2005-2549: Multiple format string vulnerabilities in Evolution 1↗2005-08-12
â–¶

📋Vendor Advisories

2
Red Hat
security flaw↗2005-08-10
â–¶
Debian
CVE-2005-2549: evolution - Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow re...↗2005
â–¶

💬Community

1
Bugzilla
CVE-2005-2549 security flaw↗2018-08-16
â–¶
CVE-2005-2549 — Gnome Evolution vulnerability | cvebase