CVE-2008-5514

Name: CVE-2008-5514
Description: Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DTSA-174-2
NVD severity: medium
Debian Bugs: 510918

Vulnerable and fixed packages

The table below lists information on source packages.

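| Source Package | Release | Version | Status |
|---|---|---|---|
| alpine (PTS) | stretch | 2.20+dfsg1-7 | fixed |
| alpine (PTS) | buster | 2.21+dfsg1-1.1 | fixed |
| alpine (PTS) | bullseye, sid | 2.24+dfsg1-1 | fixed |
| uw-imap (PTS) | stretch | 8:2007f~dfsg-5 | fixed |
| uw-imap (PTS) | buster | 8:2007f~dfsg-6 | fixed |
| uw-imap (PTS) | bullseye, sid | 8:2007f~dfsg-7 | fixed |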

The information below is based on the following data on fixed versions.

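| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| alpine | source | squeeze | 2.00+dfsg-6+squeeze1 | | | |
| alpine | source | (unstable) | 2.02-3.1 | low | | |
| uw-imap | source | etch | (not affected) | | | |
| uw-imap | source | lenny | 2007b~dfsg-4+lenny3 | | DTSA-174-2 | |
| uw-imap | source | (unstable) | 2007b~dfsg-1.1 | medium | | 510918 |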

Notes

[etch] - uw-imap <not-affected> (Vulnerable code not present)
[lenny] - alpine <no-dsa> (Minor issue)
