Stack-Based Buffer Overflow in SurgeMail IMAP Service by NetWin
CVE-2008-1497

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail
Vendor: CVE Published:; 25 March 2008

What is CVE-2008-1497?

A stack-based buffer overflow vulnerability exists in the IMAP service of NetWin's SurgeMail, affecting version 38k4-4 and earlier. This issue allows remote authenticated users to exploit the vulnerability by sending excessively long arguments to the LSUB command. Successful exploitation may enable an attacker to execute arbitrary code on the server, posing significant risks to sensitive data and system integrity.

References

http://securityreason.com/securityalert/3774

third-party-advisoryx_refsource_SREASON

http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-0...

x_refsource_MISC

http://secunia.com/advisories/29105

third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 25, 2008
Vulnerability Reserved
Mar 25, 2008

Netwin

What is CVE-2008-1497?

References

EPSS Score

Timeline