CVE-2004-0777

2004-10-2004:00:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2004-0777

format string vulnerability

courier-imap

remote code execution

security vulnerability

nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.083 Low

EPSS

Percentile

94.3%

JSON

Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.

CPENameOperatorVersion
inter7:courier-imapinter7 courier-imapeq2.2.1
inter7:courier-imapinter7 courier-imapeq2.1.2
inter7:courier-imapinter7 courier-imapeq2.1.1
inter7:courier-imapinter7 courier-imapeq1.7
inter7:courier-imapinter7 courier-imapeq2.2.0
inter7:courier-imapinter7 courier-imapeq1.6
inter7:courier-imapinter7 courier-imapeq2.0.0
inter7:courier-imapinter7 courier-imapeq2.1

CPE	Name	Operator	Version
inter7:courier-imap	inter7 courier-imap	eq	2.2.1
inter7:courier-imap	inter7 courier-imap	eq	2.1.2
inter7:courier-imap	inter7 courier-imap	eq	2.1.1
inter7:courier-imap	inter7 courier-imap	eq	1.7
inter7:courier-imap	inter7 courier-imap	eq	2.2.0
inter7:courier-imap	inter7 courier-imap	eq	1.6
inter7:courier-imap	inter7 courier-imap	eq	2.0.0
inter7:courier-imap	inter7 courier-imap	eq	2.1