CVE-2008-5514
Summary
| CVE | CVE-2008-5514 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-23 18:30:00 UTC |
| Updated | 2017-08-08 01:33:00 UTC |
| Description | Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | University Of Washington | Imap | 2000 | All | All | All |
| Application | University Of Washington | Imap | 2000a | All | All | All |
| Application | University Of Washington | Imap | 2000b | All | All | All |
| Application | University Of Washington | Imap | 2000c | All | All | All |
| Application | University Of Washington | Imap | 2001 | All | All | All |
| Application | University Of Washington | Imap | 2001a | All | All | All |
| Application | University Of Washington | Imap | 2002 | All | All | All |
| Application | University Of Washington | Imap | 2002a | All | All | All |
| Application | University Of Washington | Imap | 2002b | All | All | All |
| Application | University Of Washington | Imap | 2002c | All | All | All |
| Application | University Of Washington | Imap | 2002d | All | All | All |
| Application | University Of Washington | Imap | 2002e | All | All | All |
| Application | University Of Washington | Imap | 2002f | All | All | All |
| Application | University Of Washington | Imap | 2004 | All | All | All |
| Application | University Of Washington | Imap | 2004a | All | All | All |
| Application | University Of Washington | Imap | 2004b | All | All | All |
| Application | University Of Washington | Imap | 2004c | All | All | All |
| Application | University Of Washington | Imap | 2004d | All | All | All |
| Application | University Of Washington | Imap | 2004e | All | All | All |
| Application | University Of Washington | Imap | 2004f | All | All | All |
| Application | University Of Washington | Imap | 2004g | All | All | All |
| Application | University Of Washington | Imap | 2006 | All | All | All |
| Application | University Of Washington | Imap | 2006a | All | All | All |
| Application | University Of Washington | Imap | 2006b | All | All | All |
| Application | University Of Washington | Imap | 2006c | All | All | All |
| Application | University Of Washington | Imap | 2006d | All | All | All |
| Application | University Of Washington | Imap | 2006e | All | All | All |
| Application | University Of Washington | Imap | 2006f | All | All | All |
| Application | University Of Washington | Imap | 2006g | All | All | All |
| Application | University Of Washington | Imap | 2006h | All | All | All |
| Application | University Of Washington | Imap | 2006i | All | All | All |
| Application | University Of Washington | Imap | 2006j | All | All | All |
| Application | University Of Washington | Imap | 2006k | All | All | All |
| Application | University Of Washington | Imap | 2007 | All | All | All |
| Application | University Of Washington | Imap | 2007a | All | All | All |
| Application | University Of Washington | Imap | 2007b | All | All | All |
| Application | University Of Washington | Imap | 2000 | All | All | All |
| Application | University Of Washington | Imap | 2000a | All | All | All |
| Application | University Of Washington | Imap | 2000b | All | All | All |
| Application | University Of Washington | Imap | 2000c | All | All | All |
| Application | University Of Washington | Imap | 2001 | All | All | All |
| Application | University Of Washington | Imap | 2001a | All | All | All |
| Application | University Of Washington | Imap | 2002 | All | All | All |
| Application | University Of Washington | Imap | 2002a | All | All | All |
| Application | University Of Washington | Imap | 2002b | All | All | All |
| Application | University Of Washington | Imap | 2002c | All | All | All |
| Application | University Of Washington | Imap | 2002d | All | All | All |
| Application | University Of Washington | Imap | 2002e | All | All | All |
| Application | University Of Washington | Imap | 2002f | All | All | All |
| Application | University Of Washington | Imap | 2004 | All | All | All |
| Application | University Of Washington | Imap | 2004a | All | All | All |
| Application | University Of Washington | Imap | 2004b | All | All | All |
| Application | University Of Washington | Imap | 2004c | All | All | All |
| Application | University Of Washington | Imap | 2004d | All | All | All |
| Application | University Of Washington | Imap | 2004e | All | All | All |
| Application | University Of Washington | Imap | 2004f | All | All | All |
| Application | University Of Washington | Imap | 2004g | All | All | All |
| Application | University Of Washington | Imap | 2006 | All | All | All |
| Application | University Of Washington | Imap | 2006a | All | All | All |
| Application | University Of Washington | Imap | 2006b | All | All | All |
| Application | University Of Washington | Imap | 2006c | All | All | All |
| Application | University Of Washington | Imap | 2006d | All | All | All |
| Application | University Of Washington | Imap | 2006e | All | All | All |
| Application | University Of Washington | Imap | 2006f | All | All | All |
| Application | University Of Washington | Imap | 2006g | All | All | All |
| Application | University Of Washington | Imap | 2006h | All | All | All |
| Application | University Of Washington | Imap | 2006i | All | All | All |
| Application | University Of Washington | Imap | 2006j | All | All | All |
| Application | University Of Washington | Imap | 2006k | All | All | All |
| Application | University Of Washington | Imap | 2007 | All | All | All |
| Application | University Of Washington | Imap | 2007a | All | All | All |
| Application | University Of Washington | Imap | 2007b | All | All | All |
| Application | University Of Washington | Imap | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 477227 – CVE-2008-5514 libc-client: buffer overflow in rfc822_output_char / rfc822_output_data | CONFIRM | bugzilla.redhat.com | |
| UW IMAP software--UW IMAP Server Documentation | CONFIRM | www.washington.edu | |
| [SECURITY] Fedora 9 Update: uw-imap-2007e-1.fc9 | FEDORA | www.redhat.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| University of Washington IMAP c-client Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| UW-imapd c-client Library Off-by-one Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| uw-imap Client Library Bug Lets Remote Users Deny Service - SecurityTracker | SECTRACK | securitytracker.com | |
| Support / Security / Advisories / / MDVSA-2009:146 | Mandriva | MANDRIVA | www.mandriva.com | |
| Security Advisory SA33638 - Fedora update for uw-imap - Secunia | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2009-01-12 | Tomas Hoger | Not vulnerable. This issue did not affect the versions of imap as shipped with Red Hat Enterprise Linux 2.1 and 3, and the versions of libc-client as shipped with Red Hat Enterprise Linux 4 and 5. |
There are currently no legacy QID mappings associated with this CVE.