CVE-2008-5005
Published 2008-11-10
Priority P348 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 6.35% (92.8th percentile)
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | alpine | < uw-imap 7:2007d~dfsg-1 (bookworm) | uw-imap 7:2007d~dfsg-1 (bookworm) |
| debian | uw-imap | < uw-imap 7:2007d~dfsg-1 (bookworm) | uw-imap 7:2007d~dfsg-1 (bookworm) |
| msrc | microsoft_edge | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | alpine | — | — |
| university_of_washington | imap_toolkit | — | — |
| university_of_washington | imap_toolkit | — | — |
| university_of_washington | imap_toolkit | — | — |
| university_of_washington | imap_toolkit | — | — |
| university_of_washington | imap_toolkit | — | — |
| university_of_washington | imap_toolkit | — | — |
| university_of_washington | imap_toolkit | — | — |
CVSS provenance
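| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | LOW | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_msrc | — | 8.8 | HIGH | — |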
GHSA
GHSA-9hgh-p6fq-92mm: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2
ghsa_unreviewed·2022-05-14
CVE-2008-5005 [HIGH] CWE-119 GHSA-9hgh-p6fq-92mm: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2
OSV
CVE-2008-5005: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2
osv·2008-11-10·CVSS 10.0
CVE-2008-5005 [CRITICAL] CVE-2008-5005: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2
Microsoft
Chromium: CVE-2022-2008 Out of bounds memory access in WebGL
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2008 [HIGH] Chromium: CVE-2022-2008 Out of bounds memory access in WebGL
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 102.0.1245.41 | 6/13/2022 | 102.0.5005.115 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the bro
Red Hat
uw-imap: buffer overflow in dmail and tmail
vendor_redhat·2008-10-31·CVSS 10.0
CVE-2008-5005 [CRITICAL] uw-imap: buffer overflow in dmail and tmail
Debian
CVE-2008-5005: alpine - Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolk...
vendor_debian·2008·CVSS 10.0
CVE-2008-5005 [CRITICAL] CVE-2008-5005: alpine - Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolk...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.