cbcvebase.
CVE-2007-5740
published 2007-10-31

CVE-2007-5740: The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an…

PriorityP354high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
12.38%
95.7th percentile
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianperdition< perdition 1.17.1-1 (bookworm)perdition 1.17.1-1 (bookworm)
perditionperdition>= 0 < 1.17.1-11.17.1-1
perditionperdition>= 0 < 1.17.1-11.17.1-1
perditionperdition>= 0 < 1.17.1-11.17.1-1
perditionperdition>= 0 < 1.17.1-11.17.1-1
vergenetperdition_mail_retrieval_proxy<= 1.17

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.