CVE-2007-5007: Improper Restriction of Operations within the Bounds of a Memory Buffer in Balsa

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.9% (top 23.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 12; latest update May 1

Description

Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Debian: gnome/balsa < 2.3.20-1+3
NVD: gnome/balsa, 40 versions +39

🔴 Vulnerability Details (3)

GHSA: GHSA-42g6-c5f2-p9f3: Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2 (2022-05-01)
OSV: CVE-2007-5007: Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2 (2007-12-12)
CVEList: CVE-2007-5007: Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2 (2007-09-20)

📋 Vendor Advisories (2)

Red Hat: balsa: IMAP server triggerred stack overflow (2007-09-06)
Debian: CVE-2007-5007: balsa - Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 ... (2007)

💬 Community (1)

Bugzilla: CVE-2007-5007 balsa: IMAP server triggerred stack overflow (2007-09-20)