CVE-2009-0587 — Integer Overflow or Wraparound in Evolution-data-server

CWE-189 CWE-190 — Integer Overflow or Wraparound8 documents8 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evolution-data-server Go-evolution Evolution-data-server

Timeline

PublishedMar 14

Latest updateMay 2

Description

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debiangnome/evolution-data-server< 2.22.3-1+3

▶NVDgo-evolution/evolution-data-server2.24.4

Patches

Patch: ocert.org ↗Patch: ocert.org ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-f284-536x-2f8v: Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2↗2022-05-02

▶

OSV

CVE-2009-0587: Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2↗2009-03-14

▶

CVEList

CVE-2009-0587: Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2↗2009-03-14

▶

📋Vendor Advisories

Ubuntu

evolution-data-server vulnerability↗2009-03-16

▶

Red Hat

evolution-data-server: integer overflow in base64 encoding functions↗2009-03-12

▶

Debian

CVE-2009-0587: evolution-data-server - Multiple integer overflows in Evolution Data Server (aka evolution-data-server) ...↗2009

▶

💬Community

Bugzilla

CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions↗2009-03-03

▶