CVE-2003-0297

2003-06-1604:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0297

c-client

imap client

remote code execution

denial of service

integer signedness errors

integer overflow errors

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

Affected configurations

NVD

Node

university_of_washingtonc-client

university_of_washingtonimap-2002b

university_of_washingtonpineMatch4.53

CPENameOperatorVersion
university_of_washington:c-clientuniversity of washington c-clienteq*
university_of_washington:imap-2002buniversity of washington imap-2002beq*
university_of_washington:pineuniversity of washington pineeq4.53

CPE	Name	Operator	Version
university_of_washington:c-client	university of washington c-client	eq	*
university_of_washington:imap-2002b	university of washington imap-2002b	eq	*
university_of_washington:pine	university of washington pine	eq	4.53