{"api_version":"1","generated_at":"2026-04-23T10:55:53+00:00","cve":"CVE-2008-5006","urls":{"html":"https://cve.report/CVE-2008-5006","api":"https://cve.report/api/cve/CVE-2008-5006.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-5006","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-5006"},"summary":{"title":"CVE-2008-5006","description":"smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-11-10 14:12:56","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-399","NVD-CWE-noinfo","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46604","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46604","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/33142","name":"http://secunia.com/advisories/33142","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Alerts - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1685","name":"http://www.debian.org/security/2008/dsa-1685","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1685-1 uw-imap","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:146","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:146","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support / Security / Advisories /  / MDVSA-2009:146 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/32280","name":"http://www.securityfocus.com/bid/32280","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"University of Washington IMAP 'smtp.c' Null Pointer Dereference Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2008/11/03/5","name":"http://www.openwall.com/lists/oss-security/2008/11/03/5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - Re: CVE request - uw-imap","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-5006","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5006","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"5006","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"university_of_washington","cpe5":"imap_toolkit","cpe6":"2007b","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2008-5006","organization":"Red Hat","lastmodified":"2009-01-30","contributor":"Tomas Hoger","statementText":"The affected code is not used by any application shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5. The impact of this flaw is limited to a crash of the applications connecting to a misbehaving SMTP server. Due to those reasons, theres currently no plan to include the fix in the imap packages as shipped in Red Hat Enterprise Linux 2.1 and 3, and the libc-client packages as shipped in Red Hat Enterprise Linux 4 and 5.","cve_year":"2008","cve_id":"5006","crc32":"effd7ea5"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T10:40:16.891Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"[oss-security] 20081103 Re: CVE request - uw-imap","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2008/11/03/5"},{"name":"DSA-1685","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1685"},{"name":"imap-toolkit-smtp-dos(46604)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"},{"name":"32280","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/32280"},{"name":"33142","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/33142"},{"name":"MDVSA-2009:146","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-11-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"[oss-security] 20081103 Re: CVE request - uw-imap","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2008/11/03/5"},{"name":"DSA-1685","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1685"},{"name":"imap-toolkit-smtp-dos(46604)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"},{"name":"32280","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/32280"},{"name":"33142","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/33142"},{"name":"MDVSA-2009:146","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-5006","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[oss-security] 20081103 Re: CVE request - uw-imap","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2008/11/03/5"},{"name":"DSA-1685","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1685"},{"name":"imap-toolkit-smtp-dos(46604)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/46604"},{"name":"32280","refsource":"BID","url":"http://www.securityfocus.com/bid/32280"},{"name":"33142","refsource":"SECUNIA","url":"http://secunia.com/advisories/33142"},{"name":"MDVSA-2009:146","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-5006","datePublished":"2008-11-10T11:00:00.000Z","dateReserved":"2008-11-10T00:00:00.000Z","dateUpdated":"2024-08-07T10:40:16.891Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-11-10 14:12:56","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-399","NVD-CWE-noinfo","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:university_of_washington:imap_toolkit:2007b:*:*:*:*:*:*:*","matchCriteriaId":"1AEEC15C-B840-4389-B6CF-F61E4A2244F1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"5006","Ordinal":"1","Title":"CVE-2008-5006","CVE":"CVE-2008-5006","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"5006","Ordinal":"1","NoteData":"smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.","Type":"Description","Title":"CVE-2008-5006"},{"CveYear":"2008","CveId":"5006","Ordinal":"2","NoteData":"2008-11-10","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"5006","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}