CVE-2008-5005
published 2008-11-10

CVE-2008-5005: Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier…

Priority: P348 | critical | 10 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 6.35% (92.8th percentile)
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.

Affected

23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | alpine | < uw-imap 7:2007d~dfsg-1 (bookworm) | uw-imap 7:2007d~dfsg-1 (bookworm) |
| debian | uw-imap | < uw-imap 7:2007d~dfsg-1 (bookworm) | uw-imap 7:2007d~dfsg-1 (bookworm) |
| msrc | microsoft_edge | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | alpine | | |
| university_of_washington | imap_toolkit | | |
| university_of_washington | imap_toolkit | | |
| university_of_washington | imap_toolkit | | |
| university_of_washington | imap_toolkit | | |
| university_of_washington | imap_toolkit | | |
| university_of_washington | imap_toolkit | | |
| university_of_washington | imap_toolkit | | |

CVSS provenance

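| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | LOW | |
| vendor_redhat | | 10.0 | CRITICAL | |
| vendor_msrc | | 8.8 | HIGH | |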