Vulnerability Name: CVE-2008-5514 (CCN-47526)

Assigned: 2008-12-16
Published: 2008-12-16
Updated: 2017-08-08
Summary: Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2008-5514

Source: CCN
Type: SA33275
UW-imapd c-client Library Off-by-one Vulnerability

Source: SECUNIA
Type: UNKNOWN
33275

Source: SECUNIA
Type: UNKNOWN
33638

Source: CCN
Type: SECTRACK ID: 1021485
uw-imap Client Library Bug Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1021485

Source: CCN
Type: GLSA-201001-03
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:146

Source: CCN
Type: OSVDB ID: 52905
UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one

Source: BID
Type: UNKNOWN
32958

Source: CCN
Type: BID-32958
University of Washington IMAP c-client Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-3490

Source: CCN
Type: UW IMAP Server Web site
UW IMAP Server Documentation, Updated: 16 December 2008

Source: CONFIRM
Type: UNKNOWN
http://www.washington.edu/imap/documentation/RELNOTES.html

Source: CCN
Type: Red Hat Bugzilla Bug 477227
(CVE-2008-5514) CVE-2008-5514 libc-client: buffer overflow in rfc822_output_char / rfc822_output_data

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=477227

Source: XF
Type: UNKNOWN
uwimapd-rfc822outputchar-dos(47526)

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-0371

Source: SUSE
Type: SUSE-SR:2009:001
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:university_of_washington:imap:2000:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2000a:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2000b:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2000c:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2001:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2001a:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2002:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2002a:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2002b:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2002c:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2002d:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2002e:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2002f:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004a:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004b:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004c:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004d:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004e:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004f:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2004g:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006a:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006b:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006c:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006d:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006e:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006f:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006g:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006h:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006i:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006j:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2006k:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2007:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2007a:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:2007b:*:*:*:*:*:*:*
  • OR cpe:/a:university_of_washington:imap:*:*:*:*:*:*:*:* (Version <= 2007d)

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20085514 | V | CVE-2008-5514 | 2015-11-16