CVE-2005-3182: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mailsecurity

3 documents, 3 sources
Severity: 7.5 HIGH (NVD)
EPSS: 6.3% (top 9.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 20
Latest update: May 1

Description

Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issue is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 1 package

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-rvqg-9x88-vgx5: Buffer overflow in the HTTP management interface for GFI MailSecurity 8 (2022-05-01)
CVEList: CVE-2005-3182: Buffer overflow in the HTTP management interface for GFI MailSecurity 8 (2005-10-20)
CVE-2005-3182 — GFI Mailsecurity vulnerability | cvebase