CVE-2008-5006 — NULL Pointer Dereference in Uw-imap

CWE-399 CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Uw-imap University OF Washington Imap Toolkit

Timeline

PublishedNov 10

Latest updateMay 17

Description

smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDuniversity_of_washington/imap_toolkit2007b

▶debiandebian/uw-imap< uw-imap 7:2007d~dfsg-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-r9mv-q87p-6xv4: smtp↗2022-05-17

▶

OSV

CVE-2008-5006: smtp↗2008-11-10

▶

📋Vendor Advisories

Red Hat

uw-imap: NULL pointer dereference in smtp.c↗2008-11-03

▶

Debian

CVE-2008-5006: uw-imap - smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b al...↗2008

▶

💬Community

Bugzilla

CVE-2008-5006 uw-imap: NULL pointer dereference in smtp.c↗2008-11-10

▶