CVE-2009-0363

NameCVE-2009-0363
DescriptionMultiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-197-1
Debian Bugs515118

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
barnowl (PTS)buster1.10-1fixed
sid, trixie, bookworm, bullseye1.10-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
barnowlsourcelenny1.0.1-4
barnowlsource(unstable)1.0.5-1
owlsource(unstable)2.2.2-1515118

Notes

[lenny] - owl <no-dsa> (Minor issue)
[etch] - owl <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems