CVE-2008-5514

Name: CVE-2008-5514
Description: Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DTSA-174-2
NVD severity: medium (attack range: remote)
Debian Bugs: 510918

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| alpine (PTS) | wheezy | 2.02+dfsg-2 | fixed |
| | jessie | 2.11+dfsg1-3 | fixed |
| | stretch | 2.20+dfsg1-7 | fixed |
| | buster, sid | 2.21+dfsg1-1 | fixed |
| uw-imap (PTS) | wheezy | 8:2007f~dfsg-2 | fixed |
| | jessie | 8:2007f~dfsg-4 | fixed |
| | buster, stretch, sid | 8:2007f~dfsg-5 | fixed |

The information below is based on the following data on fixed versions.

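| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| alpine | source | (unstable) | 2.02-3.1 | low | | |
| alpine | source | squeeze | 2.00+dfsg-6+squeeze1 | medium | | |
| uw-imap | source | (unstable) | 2007b~dfsg-1.1 | medium | | 510918 |
| uw-imap | source | etch | (not affected) | | | |
| uw-imap | source | lenny | 2007b~dfsg-4+lenny3 | medium | DTSA-174-2 | |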

Notes

[etch] - uw-imap <not-affected> (Vulnerable code not present)
[lenny] - alpine <no-dsa> (Minor issue)
