Denial of Service Vulnerability in ESet NOD32 Email Handling
CVE-2008-5425

Currently unrated

Key Information:

Vendor: Eset
Status: Nod32 Antivirus
Vendor: CVE Published:; 11 December 2008

What is CVE-2008-5425?

ESet NOD32 version 2.70.0039.0000 has a vulnerability related to handling multipart/mixed e-mail messages that contain numerous MIME parts. This flaw may allow remote attackers to exploit the system by sending crafted email messages designed to consume stack resources or other system resources, resulting in a denial of service. This issue may also be linked to handling 'Content-type: message/rfc822;' headers, which can complicate email processing and lead to similar resource exhaustion.

References

http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro

x_refsource_MISC

http://securityreason.com/securityalert/4721

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/499038/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2008
Vulnerability Reserved
Dec 11, 2008

JSON

Eset

What is CVE-2008-5425?

References

Timeline