CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.0%
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is
disabled, allows remote attackers to execute arbitrary code via a long
timezone string in an iCalendar attachment.
Author | Note |
---|---|
jdstrand | redhat has patches for 2.12, 1,4,5, 2.0.2, 2.8 requires ITIP formatter to be disabled (it is enabled by default) testing revealed http://bugzilla.gnome.org/show_bug.cgi?id=535459 (another crasher) |