ID CVE-2003-0167
Summary Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
References
Vulnerable Configurations
  • cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
    cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 20:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 7229
debian
  • DSA-274
  • DSA-300
Last major update 05-09-2008 - 20:33
Published 02-04-2003 - 05:00
Last modified 05-09-2008 - 20:33
Back to Top