CVE-2009-1636Improper Restriction of Operations within the Bounds of a Memory Buffer in Groupwise

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
10.0CRITICALNVD
EPSS
68.1%
top 1.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Groupwise
Timeline
PublishedMay 26
Latest updateMay 2

Description

Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDnovell/groupwise7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-vw36-gr34-38p5: Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 72022-05-02
CVEList
CVE-2009-1636: Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 72009-05-26

💬Community

2
Bugzilla
CVE-2009-3554 JBoss EAP Twiddle logs the JMX password2009-11-20
Bugzilla
CVE-2009-1380 jbossas JMX-Console cross-site-scripting in filter parameter2009-07-14
CVE-2009-1636 — Novell Groupwise vulnerability | cvebase