- Description
- Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
- Red HatNot vulnerable. This issue did not affect version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0B9CA4A-A38F-416E-8932-E12A0EB3F2C8"
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.9.100:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F114852D-4966-424F-883B-3223B2D6CB96"
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:2.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B33723FF-72E4-4CBF-814A-CBFB17BD87AB"
}
],
"operator": "OR"
}
]
}
]