CVE-2008-5620
Published 2008-12-17
Priority: P4 · 28 · high · 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 2.58% (83.3th percentile)
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | roundcube | < roundcube 0.1.1-10 (bookworm) | roundcube 0.1.1-10 (bookworm) |
| roundcube | webmail | <= 0.2 | — |
| roundcube | webmail | — | — |
| roundcube | webmail | — | — |
| roundcube | webmail | — | — |
CVSS provenance
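| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |
| vendor_redhat | — | 7.8 | HIGH | — |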
GHSA
GHSA-cm73-jgcq-4842: RoundCube Webmail (roundcubemail) before 0
ghsa_unreviewed·2022-05-17
CVE-2008-5620 [HIGH] GHSA-cm73-jgcq-4842: RoundCube Webmail (roundcubemail) before 0
OSV
CVE-2008-5620: RoundCube Webmail (roundcubemail) before 0
osv·2008-12-17·CVSS 7.8
CVE-2008-5620 [HIGH] CVE-2008-5620: RoundCube Webmail (roundcubemail) before 0
Red Hat
roundcubemail: DoS due to insufficient quota image size parameters checking (use excessive amount of memory)
vendor_redhat·2008-12-16·CVSS 7.8
CVE-2008-5620 [HIGH] roundcubemail: DoS due to insufficient quota image size parameters checking (use excessive amount of memory)
Debian
CVE-2008-5620: roundcube - RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cau...
vendor_debian·2008·CVSS 7.8
CVE-2008-5620 [HIGH] CVE-2008-5620: roundcube - RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cau...
Scope: local
bookworm: resolved (fixed in 0.1.1-10)
bullseye: resolved (fixed in 0.1.1-10)
forky: resolved (fixed in 0.1.1-10)
sid: resolved (fixed in 0.1.1-10)
trixie: resolved (fixed in 0.1.1-10)
No detection rules found.
No public exploits indexed.
Bugzilla
Fix for CVE-2010-0464 in Roundcube 0.1.1 in EPEL5
bugzilla·2012-11-14·CVSS 7.8
CVE-2010-0464 [HIGH] Fix for CVE-2010-0464 in Roundcube 0.1.1 in EPEL5
EPEL5 currently distributes roundcubemail-0.1.1-6. According to the RPM changelog several CVE security vulnerabilities have been fixed, but I did not find a mention of CVE-2010-0464 being fixed: http://www.cvedetails.com/cve/CVE-2008-5620/
According to http://www.cvedetails.com/vulnerability-list/vendor_id-8905/product_id-15709/version_id-66544/Roundcube-Roundcube-Webmail-0.1.1.html Roundcube 0.1.1 is vulnerable.
Fixes for the roundcubemail package in Fedora 11 and 12 seem to have gone out though: https://bugzilla.redhat.com/show_bug.cgi?id=560142
Discussion:
I'll look into upgrading to a higher version using the php53 stack.
---
This seems not to be immediately feasible, a patch might be faster. Do you know if a patch for this again
Bugzilla
CVE-2008-5620 roundcubemail: DoS due to insufficient quota image size parameters checking (use excessive amount of memory)
bugzilla·2008-12-17·CVSS 7.8
CVE-2008-5620 [HIGH] CVE-2008-5620 roundcubemail: DoS due to insufficient quota image size parameters checking (use excessive amount of memory)
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5620 to
the following vulnerability:
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote
attackers to cause a denial of service (memory consumption) via
crafted size parameters that are used to create a large quota image.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5620
http://sourceforge.net/forum/forum.php?forum_id=898542
Upstream patch:
http://downloads.sourceforge.net/roundcubemail/roundcubemail-0.2-beta-patch.tar.gz
Discussion:
Created attachment 327236
Upstream patch
---
This issue affects all versions of the Roundcubemail package, as shipped
with Fedora r
http://sourceforge.net/forum/forum.php?forum_id=898542
http://www.vupen.com/english/advisories/2008/3418
https://exchange.xforce.ibmcloud.com/vulnerabilities/47550