VDB
CVE-2005-2933
CVE-2005-2933
PUBLISHED
CVSS 7.5 HIGH
Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.
EPSS 35.08% · 97.1th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
35.08%
97.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| university_of_washington | uw-imap | 0, 2004, 2004b |
Exploit Intelligence
- MDKSA-2005:194 (circl)
- RHSA-2005:850 (circl)
- 17950 (circl)
- 21252 (circl)
- 17276 (circl)
- 17148 (circl)
- 20222 (circl)
- 20210 (circl)
- http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm (circl)
- 18554 (circl)
…and 34 more exploits
Timeline
- Oct 13, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 3, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- MDKSA-2005:194 vendor-advisory
- http://secunia.com/advisories/17928 technical
- RHSA-2005:850 vendor-advisory
- 17950 third-party-advisory
- 21252 third-party-advisory
- 17276 third-party-advisory
- 17148 third-party-advisory
- 20222 third-party-advisory
- 20210 third-party-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm url
- 18554 third-party-advisory
- 47 third-party-advisory
- 17152 third-party-advisory
- RHSA-2006:0276 vendor-advisory
- DSA-861 vendor-advisory
- 20051004 iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability mailing-list
- 17062 third-party-advisory
- oval:org.mitre.oval:def:9858 vdb
- 20051201-01-U vendor-advisory
- 15009 vdb
…and 27 more