CVE-2015-8708: Improper Restriction of Operations within the Bounds of a Memory Buffer in Claws-mail

Severity
7.3 HIGH (NVD)
EPSS
1.3%
top 20.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 11
Latest update: May 17

Description

Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4

Affected Packages (2 packages)

Debian: claws-mail/claws-mail < 3.13.1-1.1+3

🔴 Vulnerability Details (3)

GHSA: GHSA-wxq2-7jmr-g3rx: Stack-based buffer overflow in the conv_euctojis function in codeconv (2022-05-17)
OSV: CVE-2015-8708: Stack-based buffer overflow in the conv_euctojis function in codeconv (2016-04-11)
CVEList: CVE-2015-8708: Stack-based buffer overflow in the conv_euctojis function in codeconv (2016-04-11)

📋 Vendor Advisories (1)

Debian: CVE-2015-8708: claws-mail - Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws... (2015)

💬 Community (3)

Bugzilla: CVE-2015-8708 claws-mail: Stack overflow in conv_euctojis() [fedora-all] (2016-01-04)
Bugzilla: CVE-2015-8708 claws-mail: Stack overflow in conv_euctojis() (2016-01-04)
Bugzilla: CVE-2015-8708 claws-mail: Stack overflow in conv_euctojis() [epel-all] (2016-01-04)
CVE-2015-8708 — Claws-mail vulnerability | cvebase