Japan Vulnerability NotesJVN:29641290JVN#29641290 Becky! Internet Mail buffer overflow vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.082 Low
EPSS
Percentile
94.4%
Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests.
Impact
If the user views a specially crafted email and allows a read receipt to be sent, arbitrary code may be executed.
Solution
Update the Software
Apply the latest updates provided by the vendor.
Workarounds
As a workaround to this vulnerability, in “General Setup”, modify the setting for “How to respond to a request for ‘read receipt’” to “ignore” until an update is completed.
Products Affected
- Becky! Internet Mail Ver.2.48.02 and eariler
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.082 Low
EPSS
Percentile
94.4%