CVE-2008-5514

Description

Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.

How to fix CVE-2008-5514

To remediate CVE-2008-5514, upgrade the affected package to a fixed version below.

• Debian/alpine—upgrade to 2.02-3.1 or later
• Debian/uw-imap—upgrade to 2007b~dfsg-1.1 or later

Is CVE-2008-5514 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 2.02-3.1
• from 0, < 2007b~dfsg-1.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-5514