CVE-2006-2659

6 documents6 sources

Severity

7.8HIGH

EPSS

3.6%

top 12.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Double Precision Incorporated Courier MTA

Timeline

PublishedMay 30

Latest updateMay 1

Description

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debiancourier< 0.53.2-1+3

▶NVDdouble_precision_incorporated/courier_mta0.44.2+7

Patches

Patch: bugs.debian.org ↗Patch: www.courier-mta.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-jf3h-hc4x-5q33: libs/comverp↗2022-05-01

▶

CVEList

CVE-2006-2659: libs/comverp↗2006-05-30

▶

OSV

CVE-2006-2659: libs/comverp↗2006-05-30

▶

📋Vendor Advisories

Ubuntu

courier vulnerability↗2006-06-09

▶

Debian

CVE-2006-2659: courier - libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial o...↗2006

▶