CVE-2007-3257 — Evolution vulnerability

11 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

2.8%

top 13.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evolution Gnome Evolution-data-server

Timeline

PublishedJun 19

Latest updateMay 3

Description

Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debiangnome/evolution-data-server< 1.10.2-2+3

▶Debiangnome/evolution< 2.12.0-1+3

▶NVDgnome/evolution1.11

🔴Vulnerability Details

GHSA

GHSA-6ggg-vv7h-7mm5: Camel (camel-imap-folder↗2022-05-03

▶

CVEList

CVE-2007-3257: Camel (camel-imap-folder↗2007-06-19

▶

OSV

CVE-2007-3257: Camel (camel-imap-folder↗2007-06-19

▶

📋Vendor Advisories

Ubuntu

evolution-data-server vulnerability↗2007-06-21

▶

Red Hat

evolution malicious server arbitrary code execution↗2007-06-14

▶

Debian

CVE-2007-3257: evolution - Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1....↗2007

▶

💬Community

Bugzilla

CVE-2007-3257 evolution malicious server arbitrary code execution↗2007-06-14

▶

Bugzilla

CVE-2007-3257 Evolution malicious server arbitrary code execution [FC5]↗2007-06-14

▶

Bugzilla

CVE-2007-3257 Evolution malicious server arbitrary code execution [F7]↗2007-06-14

▶

Bugzilla

CVE-2007-3257 Evolution malicious server arbitrary code execution [FC6]↗2007-06-14

▶