Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00599
Percentile: 0.68426

CVSS Scoring

Mapped CWE(s)

• CWE-190 : Integer Overflow or Wraparound

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

← Back to Home