- Description
- Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:mailutils:0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "848F9FC2-578F-42FF-A333-011BB779F4BF"
},
{
"criteria": "cpe:2.3:a:gnu:mailutils:0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D061351-9F01-4F19-A323-60DC9CD2C915"
}
],
"operator": "OR"
}
]
}
]