CVE: CVE-2005-2933

Export to Word

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

S9 – Sabotage of System/App
S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.35083
Percentile: 0.96849

CVSS Scoring

CVSS v2 Score: 7.5

Severity:

Affected Products

cpe:2.3:a:university_of_washington:uw-imap:*:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:uw-imap:2004:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:uw-imap:2004a:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:uw-imap:2004b:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:uw-imap:2004c:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:uw-imap:2004d:*:*:*:*:*:*:*
cpe:2.3:a:university_of_washington:uw-imap:2004e:*:*:*:*:*:*:*

← Back to Home