{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-22T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.washington.edu/imap/documentation/RELNOTES.html"}, {"name": "33275", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33275"}, {"name": "32958", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32958"}, {"name": "33638", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33638"}, {"name": "uwimapd-rfc822outputchar-dos(47526)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"}, {"name": "1021485", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021485"}, {"name": "FEDORA-2009-0371", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"}, {"name": "ADV-2008-3490", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3490"}, {"name": "MDVSA-2009:146", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:56:47.016Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.washington.edu/imap/documentation/RELNOTES.html"}, {"name": "33275", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33275"}, {"name": "32958", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32958"}, {"name": "33638", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33638"}, {"name": "uwimapd-rfc822outputchar-dos(47526)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"}, {"name": "1021485", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1021485"}, {"name": "FEDORA-2009-0371", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"}, {"name": "ADV-2008-3490", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3490"}, {"name": "MDVSA-2009:146", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-5514", "datePublished": "2008-12-23T18:13:00", "dateReserved": "2008-12-12T00:00:00", "dateUpdated": "2024-08-07T10:56:47.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:university_of_washington:imap:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CF4464-7DBE-4C8E-B6CF-A4777ADB1D96", "versionEndIncluding": "2007d", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2000:*:*:*:*:*:*:*", "matchCriteriaId": "68ABE6C6-A499-4E11-91E9-8F8B61776BDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2000a:*:*:*:*:*:*:*", "matchCriteriaId": "4BE0A870-F96D-42A8-ACDA-EC6BF9C4CAD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2000b:*:*:*:*:*:*:*", "matchCriteriaId": "D2F84DA2-C7DE-4659-AEB6-8E4AB059B85A", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2000c:*:*:*:*:*:*:*", "matchCriteriaId": "4DACC0FF-2831-4905-8862-DC46D9EF2B3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2001:*:*:*:*:*:*:*", "matchCriteriaId": "64C291AE-CA06-4982-AB18-A2C6DF6BCB9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2001a:*:*:*:*:*:*:*", "matchCriteriaId": "85B417A8-D3DF-4808-9880-BCDB747148E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2002:*:*:*:*:*:*:*", "matchCriteriaId": "C8284427-CFFE-4075-9EC1-5E77DD5F0F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2002a:*:*:*:*:*:*:*", "matchCriteriaId": "593B87AB-3009-4690-B09F-2D79E7019B2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2002b:*:*:*:*:*:*:*", "matchCriteriaId": "6C43CED0-66F6-4D3B-A24B-81ACA70243D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2002c:*:*:*:*:*:*:*", "matchCriteriaId": "ABD1CAF4-C478-4126-A450-AFBCA5CC1ACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2002d:*:*:*:*:*:*:*", "matchCriteriaId": "35F2E0DB-E67C-4351-BC9D-6DF77F07D2D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2002e:*:*:*:*:*:*:*", "matchCriteriaId": "DB4BB0BD-03F6-403B-BE5A-9D610DF59869", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2002f:*:*:*:*:*:*:*", "matchCriteriaId": "851E2CD6-E061-4236-B44C-FC9810CD16DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004:*:*:*:*:*:*:*", "matchCriteriaId": "188B27E0-5BAF-46B2-82F0-79CA0859A33D", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004a:*:*:*:*:*:*:*", "matchCriteriaId": "E78E770B-83C3-414F-8F1F-2E70C604873E", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004b:*:*:*:*:*:*:*", "matchCriteriaId": "A8E72678-D201-4A9E-B42F-E76B44C2F062", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004c:*:*:*:*:*:*:*", "matchCriteriaId": "9E232637-E1E6-4B85-9AF1-FD91A9767087", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004d:*:*:*:*:*:*:*", "matchCriteriaId": "EA74AD8D-6364-4DA9-8F0A-A11AE9FB1011", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004e:*:*:*:*:*:*:*", "matchCriteriaId": "3465EC3A-5250-4729-AC7A-AE9D0E4C8BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004f:*:*:*:*:*:*:*", "matchCriteriaId": "0E4D902D-C846-4698-952A-028927D24ABC", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2004g:*:*:*:*:*:*:*", "matchCriteriaId": "7724A2ED-D633-43C0-B547-FBD8EBA86DBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006:*:*:*:*:*:*:*", "matchCriteriaId": "E6C44FAA-8BDE-4C86-9891-A1CF6B23407F", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006a:*:*:*:*:*:*:*", "matchCriteriaId": "2CB3CD69-985E-4DE1-9A08-E4EB216F0793", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006b:*:*:*:*:*:*:*", "matchCriteriaId": "8423C322-77A5-4CAA-8901-8B8F1D9FF8E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006c:*:*:*:*:*:*:*", "matchCriteriaId": "9862573C-0379-4585-8ECB-2B3B98FA7944", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006d:*:*:*:*:*:*:*", "matchCriteriaId": "C028BF64-22F5-424E-A959-42AEB2ABEED6", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006e:*:*:*:*:*:*:*", "matchCriteriaId": "9EAB09AD-F648-402F-921A-9345275143BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006f:*:*:*:*:*:*:*", "matchCriteriaId": "4E8DA588-ADCA-4125-8217-F27D035948FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006g:*:*:*:*:*:*:*", "matchCriteriaId": "F552DEE9-4730-405E-B482-E002E5A39A67", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006h:*:*:*:*:*:*:*", "matchCriteriaId": "E74FA86E-A6A0-4EC7-A0F7-31AE362F9308", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006i:*:*:*:*:*:*:*", "matchCriteriaId": "4CC6B678-CF97-431C-8EFB-5E2223966F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006j:*:*:*:*:*:*:*", "matchCriteriaId": "6D9229C6-6251-4675-9396-5753AB81C80A", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2006k:*:*:*:*:*:*:*", "matchCriteriaId": "9E280DD2-F66A-48FF-B23A-FF49753C2654", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2007:*:*:*:*:*:*:*", "matchCriteriaId": "85BC14FB-C24B-405D-9C83-1444874489AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2007a:*:*:*:*:*:*:*", "matchCriteriaId": "E25C5926-DCA2-4766-B2DE-C5818494F850", "vulnerable": true}, {"criteria": "cpe:2.3:a:university_of_washington:imap:2007b:*:*:*:*:*:*:*", "matchCriteriaId": "535F9E8E-6BB4-455D-A8A4-50D0531F28A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow."}, {"lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite en la funci\u00f3n rfc822_output_char en las rutinas RFC822BUFFER de las bibliotecas c-client library, de la Universidad de Washinton (UW), como las utilizadas en por el Juego de herramientas UW IMAP anteriores a imap-2007e y otras aplicaciones, permiten a atacantes, despendiendo del contexto, provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un correo electr\u00f3nico, que desencadene un desbordamiento de buffer.\r\n"}], "id": "CVE-2008-5514", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-12-23T18:30:03.280", "references": [{"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33275"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33638"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1021485"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/32958"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/3490"}, {"source": "secalert@redhat.com", "url": "http://www.washington.edu/imap/documentation/RELNOTES.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33638"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.washington.edu/imap/documentation/RELNOTES.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47526"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00846.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of imap as shipped with Red Hat Enterprise Linux 2.1 and 3, and the versions of libc-client as shipped with Red Hat Enterprise Linux 4 and 5.", "lastModified": "2009-01-12T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libc-client: buffer overflow in rfc822_output_char / rfc822_output_data", "id": "477227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477227"}, "csaw": false, "details": ["Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow."], "name": "CVE-2008-5514", "public_date": "2008-12-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-5514\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-5514"], "statement": "Not vulnerable. This issue did not affect the versions of imap as shipped with Red Hat Enterprise Linux 2.1 and 3, and the versions of libc-client as shipped with Red Hat Enterprise Linux 4 and 5.", "threat_severity": "Moderate"}