Vulnerability Details CVE-2003-0297
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=105294024124163&w=2
- http://www.redhat.com/support/errata/RHSA-2005-015.html
- http://www.redhat.com/support/errata/RHSA-2005-114.html
- http://www.securityfocus.com/archive/1/430302/100/0/threaded
- http://marc.info/?l=bugtraq&m=105294024124163&w=2
- http://www.redhat.com/support/errata/RHSA-2005-015.html
- http://www.redhat.com/support/errata/RHSA-2005-114.html
- http://www.securityfocus.com/archive/1/430302/100/0/threaded
Products affected by CVE-2003-0297
-
cpe:2.3:a:university_of_washington:c-client:*
-
cpe:2.3:a:university_of_washington:imap-2002b:*
-
cpe:2.3:a:university_of_washington:pine:4.53