Upstream information

CVE-2008-5514 at MITRE

Description

Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.3
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 458579 [RESOLVED / FIXED], 568527 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • imap-debuginfo >= 2006c1_suse-100.3
  • imap-debugsource >= 2006c1_suse-100.3
openSUSE 11.0
  • imap >= 2006c1_suse-100.3
  • imap-devel >= 2006c1_suse-100.3
  • imap-lib >= 2006c1_suse-100.3
openSUSE 11.1
  • imap-debuginfo >= 2006c1_suse-127.1
  • imap-debugsource >= 2006c1_suse-127.1
  • imap-devel >= 2006c1_suse-127.1
  • imap-lib >= 2006c1_suse-127.1
openSUSE 11.1
  • imap-devel >= 2006c1_suse-127.1
  • imap-lib >= 2006c1_suse-127.1