CVE-2009-3235

Published Sep 17, 2009

Last updated 7 years ago

CVSS info 7.5

Overview

Description: Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4240BD98-3C31-42CE-AF8F-045DD4BFC084"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D7A4A82-6C8D-453E-ACC5-2C8BAC7804D6"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C05ACA0-ED87-4DDF-94B6-8D25BE1790F1"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A8C0C4A-F9DB-4BB7-BFC5-BEC22C3FE40B"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8BE860F-A3C2-43E0-BC75-503C437DAADD"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4E57B06-8650-4374-B643-6FCBE3ABDAF5"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0384E42-1506-4C08-AA5A-18B2A711C7F0"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5DC1CE5-50B9-426E-B98A-224DC499AB15"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "350A26D6-A8BA-4125-A640-264E08D28CB0"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71057F4B-3040-4771-B989-9F3453934AAA"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1730EBB1-4071-4A23-B770-D564AF422273"
          },
          {
            "criteria": "cpe:2.3:a:dovecot:dovecot:1.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10A27394-E1C7-4EF0-94C8-71D6EA33CE6D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References