#VU33086 Buffer overflow - CVE-2008-5514

Cybersecurity Help s.r.o.

Published: 2008-12-23 | Updated: 2020-08-03

Vulnerability identifier: #VU33086

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2008-5514

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.

Mitigation
Install update from vendor's website.

External links
https://secunia.com/advisories/33275
https://secunia.com/advisories/33638
https://securitytracker.com/id?1021485
https://www.mandriva.com/security/advisories?name=MDVSA-2009:146
https://www.securityfocus.com/bid/32958
https://www.vupen.com/english/advisories/2008/3490
https://www.washington.edu/imap/documentation/RELNOTES.html
https://bugzilla.redhat.com/show_bug.cgi?id=477227
https://exchange.xforce.ibmcloud.com/vulnerabilities/47526
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in alpine (Alpine package)