7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
90.7%
The Courier set of mail services use a common Unicode
library. This library contains buffer overflows in the
converters for two popular Japanese character encodings.
These overflows may be remotely exploitable, triggered by
a maliciously formatted email message that is later processed
by one of the Courier mail services.
From the release notes for the corrected versions of the
Courier set of mail services:
iso2022jp.c: Converters became (upper-)compatible with
ISO-2022-JP (RFC1468 / JIS X 0208:1997 Annex 2) and
ISO-2022-JP-1 (RFC2237). Buffer overflow vulnerability
(when Unicode character is out of BMP range) has been
closed. Convert error handling was implemented.
shiftjis.c: Broken SHIFT_JIS converters has been fixed
and became (upper-)compatible with Shifted Encoding Method
(JIS X 0208:1997 Annex 1). Buffer overflow vulnerability
(when Unicode character is out of BMP range) has been
closed. Convert error handling was implemented.