FreeBSD98BD69C3-834B-11D8-A41F-0020ED76EF5ACourier mail services: remotely exploitable buffer overflows
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
90.7%
The Courier set of mail services use a common Unicode
library. This library contains buffer overflows in the
converters for two popular Japanese character encodings.
These overflows may be remotely exploitable, triggered by
a maliciously formatted email message that is later processed
by one of the Courier mail services.
From the release notes for the corrected versions of the
Courier set of mail services:
iso2022jp.c: Converters became (upper-)compatible with
ISO-2022-JP (RFC1468 / JIS X 0208:1997 Annex 2) and
ISO-2022-JP-1 (RFC2237). Buffer overflow vulnerability
(when Unicode character is out of BMP range) has been
closed. Convert error handling was implemented.
shiftjis.c: Broken SHIFT_JIS converters has been fixed
and became (upper-)compatible with Shifted Encoding Method
(JIS X 0208:1997 Annex 1). Buffer overflow vulnerability
(when Unicode character is out of BMP range) has been
closed. Convert error handling was implemented.
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
90.7%