CVE-2002-2325
Summary
| CVE | CVE-2002-2325 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-12-31 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
CompleteAV:N/AC:L/Au:N/C:N/I:N/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | University Of Washington | Pine | 4.20 | All | All | All |
| Application | University Of Washington | Pine | 4.21 | All | All | All |
| Application | University Of Washington | Pine | 4.30 | All | All | All |
| Application | University Of Washington | Pine | 4.33 | All | All | All |
| Application | University Of Washington | Pine | 4.44 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pine Empty MIME Boundary Denial Of Service Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit |
| ISS X-Force Database: pine-blank-boundary-dos (9668): Pine MIME encoded blank boundary denial of service | af854a3a-2127-422b-91ae-364da2661108 | www.iss.net | Patch |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | online.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.