Upstream information
Description
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 10 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
SUSE Security Advisories:
- TID7009208, published Sat May 19 21:50:36 CEST 2018
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 04:20:26 2013CVE page last modified: Tue May 5 17:18:40 2026