Vulnerability Details CVE-2007-2958
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.037
EPSS Ranking 87.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://bugs.gentoo.org/show_bug.cgi?id=190104
- http://osvdb.org/40184
- http://secunia.com/advisories/26550
- http://secunia.com/advisories/26610
- http://secunia.com/advisories/27229
- http://secunia.com/advisories/27379
- http://secunia.com/secunia_research/2007-70/advisory/
- http://security.gentoo.org/glsa/glsa-200710-29.xml
- http://www.novell.com/linux/security/advisories/2007_20_sr.html
- http://www.securityfocus.com/bid/25430
- http://www.vupen.com/english/advisories/2007/2971
- https://bugzilla.redhat.com/show_bug.cgi?id=254121
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36238
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html
- http://bugs.gentoo.org/show_bug.cgi?id=190104
- http://osvdb.org/40184
- http://secunia.com/advisories/26550
- http://secunia.com/advisories/26610
- http://secunia.com/advisories/27229
- http://secunia.com/advisories/27379
- http://secunia.com/secunia_research/2007-70/advisory/
- http://security.gentoo.org/glsa/glsa-200710-29.xml
- http://www.novell.com/linux/security/advisories/2007_20_sr.html
- http://www.securityfocus.com/bid/25430
- http://www.vupen.com/english/advisories/2007/2971
- https://bugzilla.redhat.com/show_bug.cgi?id=254121
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36238
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html
Products affected by CVE-2007-2958
-
cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.9.100
-
cpe:2.3:a:sylpheed-claws:sylpheed-claws:2.10.0
-
cpe:2.3:a:sylpheed:sylpheed:2.4.4