CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.0%
Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
Vendor | Product | Version | CPE |
---|---|---|---|
barnowl | barnowl | * | cpe:2.3:a:barnowl:barnowl:*:*:*:*:*:*:*:* |
barnowl | barnowl | 1.0.0 | cpe:2.3:a:barnowl:barnowl:1.0.0:*:*:*:*:*:*:* |
barnowl | barnowl | 1.0.1 | cpe:2.3:a:barnowl:barnowl:1.0.1:*:*:*:*:*:*:* |
barnowl | barnowl | 1.0.2 | cpe:2.3:a:barnowl:barnowl:1.0.2:*:*:*:*:*:*:* |
barnowl | barnowl | 1.0.2.1 | cpe:2.3:a:barnowl:barnowl:1.0.2.1:*:*:*:*:*:*:* |
barnowl | barnowl | 1.0.3 | cpe:2.3:a:barnowl:barnowl:1.0.3:*:*:*:*:*:*:* |
barnowl | barnowl | 1.0.4 | cpe:2.3:a:barnowl:barnowl:1.0.4:*:*:*:*:*:*:* |
ktools | owl | 2.1.11 | cpe:2.3:a:ktools:owl:2.1.11:*:*:*:*:*:*:* |