CVE-2011-0333Improper Restriction of Operations within the Bounds of a Memory Buffer in Groupwise

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-190Integer Overflow or WraparoundCWE-284Improper Access Control10 documents6 sources
Severity
10.0CRITICALNVD
EPSS
6.1%
top 9.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Groupwise
Timeline
PublishedOct 8
Latest updateMay 17

Description

Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gx9r-3crr-q2qw: Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww12022-05-17
CVEList
CVE-2011-0333: Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww12011-10-08

💥Exploits & PoCs

1
Exploit-DB
Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (MS01-026) (Metasploit)2011-01-08

📋Vendor Advisories

5
Red Hat
kernel: possible privilege escalation via SG_IO ioctl2011-12-22
Red Hat
kernel: nfs4_getfacl decoding kernel oops2011-11-05
Red Hat
kernel: oom_badness() integer overflow2011-10-31
Red Hat
kernel: perf: Fix software event overflow2011-07-22
Red Hat
kernel: xfs: potential buffer overflow in xfs_readlink()2011-04-08

💬Community

1
Bugzilla
CVE-2011-2918 kernel: perf: Fix software event overflow2011-08-15
CVE-2011-0333 — Novell Groupwise vulnerability | cvebase