CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
94.6%
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.
Vendor | Product | Version | CPE |
---|---|---|---|
gnome | evolution | 1.4 | cpe:2.3:a:gnome:evolution:1.4:*:*:*:*:*:*:* |
gnome | evolution | 1.5 | cpe:2.3:a:gnome:evolution:1.5:*:*:*:*:*:*:* |
gnome | evolution | 2.0 | cpe:2.3:a:gnome:evolution:2.0:*:*:*:*:*:*:* |
gnome | evolution | 2.1 | cpe:2.3:a:gnome:evolution:2.1:*:*:*:*:*:*:* |
gnome | evolution | 2.2 | cpe:2.3:a:gnome:evolution:2.2:*:*:*:*:*:*:* |
gnome | evolution | 2.3.1 | cpe:2.3:a:gnome:evolution:2.3.1:*:*:*:*:*:*:* |
gnome | evolution | 2.3.2 | cpe:2.3:a:gnome:evolution:2.3.2:*:*:*:*:*:*:* |
gnome | evolution | 2.3.3 | cpe:2.3:a:gnome:evolution:2.3.3:*:*:*:*:*:*:* |
gnome | evolution | 2.3.4 | cpe:2.3:a:gnome:evolution:2.3.4:*:*:*:*:*:*:* |
gnome | evolution | 2.3.5 | cpe:2.3:a:gnome:evolution:2.3.5:*:*:*:*:*:*:* |
marc.info/?l=full-disclosure&m=112368237712032&w=2
secunia.com/advisories/16394
secunia.com/advisories/19380
www.debian.org/security/2006/dsa-1016
www.mandriva.com/security/advisories?name=MDKSA-2005:141
www.novell.com/linux/security/advisories/2005_54_evolution.html
www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
www.redhat.com/support/errata/RHSA-2005-267.html
www.securityfocus.com/archive/1/407789
www.securityfocus.com/bid/14532
www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10880
usn.ubuntu.com/166-1/