CVE-2003-0297 - c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to c

CVE-2003-0297

Summary

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

References

Vulnerable Configurations

cpe:2.3:a:university_of_washington:c-client:*:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:c-client:*:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap-2002b:*:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:imap-2002b:*:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2018 - 15:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2005:015
rhsa
id RHSA-2005:114

refmap via4

bugtraq	20030514 Buffer overflows in multiple IMAP clients
fedora	FLSA:184074

Last major update

19-10-2018 - 15:29

Published

16-06-2003 - 04:00

Last modified

19-10-2018 - 15:29