Integer Overflow Vulnerability in GNU Mailutils IMAP4D Server
CVE-2005-1521

Currently unrated

Key Information:

Vendor: Gnu
Status
Vendor
CVE Published: 26 May 2005

Summary

The fetch_io function of the imap4d server in GNU Mailutils versions 0.5 and 0.6, as well as earlier releases up to version 0.6.90, is susceptible to an integer overflow. This vulnerability arises when a remote attacker sends a crafted partial message request containing a large value in the END parameter. The overflow can result in a heap-based buffer overflow, potentially allowing the attacker to execute arbitrary code on the affected system. It is crucial for users of affected versions to apply the necessary updates to mitigate this risk.
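The arithmetic behind this class of bug, and a hardened way to size the buffer, as an added example: this is not Mailutils source code, and the function names, the 32-bit width of END and the "+ 2" terminator allowance are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size a naive server would request for a partial fetch: END bytes plus
 * two bytes for a terminator (assumed). Only the arithmetic is shown;
 * nothing is allocated or copied here. */
uint32_t naive_request_size(uint32_t end)
{
    return end + 2u;                 /* wraps modulo 2^32 for END >= 0xFFFFFFFE */
}

/* Hardened sizing: clamp the requested window to the real message size and
 * reject arithmetic that cannot be represented. Returns a zeroed buffer of
 * *out_len + 1 bytes, or NULL if the request is rejected. */
char *alloc_partial(uint32_t start, uint32_t end, size_t msg_size, size_t *out_len)
{
    size_t want = end;
    *out_len = 0;
    if (start > msg_size)
        return NULL;                 /* window starts past the message */
    size_t avail = msg_size - start; /* cannot underflow after the check */
    if (want > avail)
        want = avail;                /* never trust END beyond the data held */
    if (want > SIZE_MAX - 1)
        return NULL;                 /* want + 1 would wrap */
    char *buf = calloc(want + 1, 1);
    if (buf != NULL)
        *out_len = want;
    return buf;
}

int main(void)
{
    size_t n;
    /* Constructed inputs: a 100-byte message and an oversized END value. */
    printf("naive size for END=0xFFFFFFFF: %u bytes\n",
           (unsigned)naive_request_size(0xFFFFFFFFu));
    char *b = alloc_partial(0, 0xFFFFFFFFu, 100, &n);
    printf("checked size for the same request: %zu bytes\n", n);
    free(b);
    return 0;
}
```

The unchecked sum yields a buffer of one byte for a request that claims four gigabytes, which is the mismatch that turns the integer overflow into a heap overflow once data is copied using the original length.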

Timeline

  • Vulnerability published

  • Vulnerability Reserved
