University Of Washington: >> Imap Security Vulnerabilities
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
CVSS Score
4.3
EPSS Score
0.011
Published
2008-12-23
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-08-31
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.
CVSS Score
7.5
EPSS Score
0.012
Published
2000-11-14
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
CVSS Score
7.5
EPSS Score
0.799
Published
2000-04-16
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
CVSS Score
10.0
EPSS Score
0.035
Published
1999-05-26
Arbitrary command execution via IMAP buffer overflow in authenticate command.
CVSS Score
10.0
EPSS Score
0.175
Published
1998-07-20
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
CVSS Score
10.0
EPSS Score
0.055
Published
1997-04-07