CVE-2008-5514

Name: CVE-2008-5514
Description: Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DTSA-174-2
Debian Bugs: 510918

Vulnerable and fixed packages

The table below lists information on source packages.

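| Source Package | Release | Version | Status |
|---|---|---|---|
| alpine (PTS) | bullseye | 2.24+dfsg1-1 | fixed |
| alpine (PTS) | bookworm | 2.26+dfsg-1 | fixed |
| alpine (PTS) | sid, trixie | 2.26+dfsg-2 | fixed |
| uw-imap (PTS) | sid, trixie, bookworm, bullseye | 8:2007f~dfsg-7 | fixed |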

The information below is based on the following data on fixed versions.

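| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| alpine | source | squeeze | 2.00+dfsg-6+squeeze1 | | | |
| alpine | source | (unstable) | 2.02-3.1 | low | | |
| uw-imap | source | etch | (not affected) | | | |
| uw-imap | source | lenny | 2007b~dfsg-4+lenny3 | | DTSA-174-2 | |
| uw-imap | source | (unstable) | 2007b~dfsg-1.1 | medium | | 510918 |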

Notes

[etch] - uw-imap <not-affected> (Vulnerable code not present)
[lenny] - alpine <no-dsa> (Minor issue)
