CVE-2008-1108 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Evolution

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents9 sources

Severity

7.6HIGHNVD

EPSS

4.2%

top 11.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evolution

Timeline

PublishedJun 4

Latest updateMay 1

Description

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶Debiangnome/evolution< 2.22.2-1.1+3

▶NVDgnome/evolution2.2.1

🔴Vulnerability Details

GHSA

GHSA-839c-2pvm-jv7q: Buffer overflow in Evolution 2↗2022-05-01

▶

OSV

CVE-2008-1108: Buffer overflow in Evolution 2↗2008-06-04

▶

CVEList

CVE-2008-1108: Buffer overflow in Evolution 2↗2008-06-04

▶

💥Exploits & PoCs

Exploit-DB

PunBB Mod PunPortal 0.1 - Local File Inclusion↗2008-11-20

▶

📋Vendor Advisories

Ubuntu

Evolution vulnerabilities↗2008-06-06

▶

Red Hat

evolution: iCalendar buffer overflow via large timezone specification↗2008-06-04

▶

Debian

CVE-2008-1108: evolution - Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled,...↗2008

▶

💬Community

Bugzilla

CVE-2008-1108 evolution: iCalendar buffer overflow via large timezone specification↗2008-05-27

▶