CVE-2005-2550Use of Externally-Controlled Format String in Evolution

7 documents7 sources
Severity
7.5HIGHNVD
EPSS
5.2%
top 10.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Evolution
Timeline
PublishedAug 12
Latest updateMay 1

Description

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debiangnome/evolution< 2.2.3-3+3
NVDgnome/evolution11 versions+10

🔴Vulnerability Details

3
GHSA
GHSA-m9j9-chcx-7492: Format string vulnerability in Evolution 12022-05-01
OSV
CVE-2005-2550: Format string vulnerability in Evolution 12005-08-12
CVEList
CVE-2005-2550: Format string vulnerability in Evolution 12005-08-12

📋Vendor Advisories

2
Red Hat
security flaw2005-08-10
Debian
CVE-2005-2550: evolution - Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attac...2005

💬Community

1
Bugzilla
CVE-2005-2550 security flaw2018-08-16
CVE-2005-2550 — Gnome Evolution vulnerability | cvebase