CVE-2006-2659
published 2006-05-30
Priority: P4, 24, high; CVSS 2.0: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 2.40% (81.9th percentile)
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | courier | < courier 0.53.2-1 (bookworm) | courier 0.53.2-1 (bookworm) |
| double_precision_incorporated | courier_mta | <= 0.44.2 | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | — | — |
| double_precision_incorporated | courier_mta | >= 0 < 0.53.2-1 | 0.53.2-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.53.2-1 | 0.53.2-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.53.2-1 | 0.53.2-1 |
| double_precision_incorporated | courier_mta | >= 0 < 0.53.2-1 | 0.53.2-1 |
CVSS provenance
nvd: v2.0, 7.8 HIGH, AV:N/AC:L/Au:N/C:N/I:N/A:C
osv: 7.8 HIGH
vendor_debian: 7.8 HIGH
Ubuntu
courier vulnerability
vendor_ubuntu·2006-06-09
A Denial of Service vulnerability has been found in the function for
encoding email addresses. Addresses containing a '=' before the '@'
character caused the Courier to hang in an endless loop, rendering the
service unusable.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2006-2659: courier - libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial o...
vendor_debian·2006·CVSS 7.8
Scope: local
bookworm: resolved (fixed in 0.53.2-1)
bullseye: resolved (fixed in 0.53.2-1)
forky: resolved (fixed in 0.53.2-1)
sid: resolved (fixed in 0.53.2-1)
trixie: resolved (fixed in 0.53.2-1)
GHSA
GHSA-jf3h-hc4x-5q33: libs/comverp
ghsa_unreviewed·2022-05-01
OSV
CVE-2006-2659: libs/comverp
osv·2006-05-30·CVSS 7.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834
http://secunia.com/advisories/20519
http://secunia.com/advisories/20548
http://secunia.com/advisories/20792
http://secunia.com/advisories/21350
http://security.gentoo.org/glsa/glsa-200608-06.xml
http://securitytracker.com/id?1016248
http://www.courier-mta.org/beta/patches/verp-fix/README.txt
http://www.debian.org/security/2006/dsa-1101
http://www.securityfocus.com/bid/18345
http://www.vupen.com/english/advisories/2006/2214
https://exchange.xforce.ibmcloud.com/vulnerabilities/26998
https://usn.ubuntu.com/294-1/