CVE-2009-0363

2009-02-1717:30:05

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-0363

buffer overflow

barnowl

owl

arbitrary code execution

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.106 Low

EPSS

Percentile

95.1%

JSON

Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.

Affected configurations

NVD

Node

barnowlbarnowlRange≤1.0.4.1

barnowlbarnowlMatch1.0.0

barnowlbarnowlMatch1.0.1

barnowlbarnowlMatch1.0.2

barnowlbarnowlMatch1.0.2.1

barnowlbarnowlMatch1.0.3

barnowlbarnowlMatch1.0.4

Node

ktoolsowlMatch2.1.11

CPENameOperatorVersion
barnowl:barnowlbarnowlle1.0.4.1
barnowl:barnowlbarnowleq1.0.0
barnowl:barnowlbarnowleq1.0.1
barnowl:barnowlbarnowleq1.0.2
barnowl:barnowlbarnowleq1.0.2.1
barnowl:barnowlbarnowleq1.0.3
barnowl:barnowlbarnowleq1.0.4

CPE	Name	Operator	Version
barnowl:barnowl	barnowl	le	1.0.4.1
barnowl:barnowl	barnowl	eq	1.0.0
barnowl:barnowl	barnowl	eq	1.0.1
barnowl:barnowl	barnowl	eq	1.0.2
barnowl:barnowl	barnowl	eq	1.0.2.1
barnowl:barnowl	barnowl	eq	1.0.3
barnowl:barnowl	barnowl	eq	1.0.4