CVE-2005-0102

CRITICAL

Gnome Evolution < 2.0.2 - Integer Overflow

Title source: rule

Description

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

References (12)

[Broken Link, Patch, Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925

[Broken Link] http://secunia.com/advisories/13830

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200501-35.xml

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1012981

[Mailing List, Patch, Third Party Advisory] http://www.debian.org/security/2005/dsa-673

[Third Party Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:024

[Broken Link] http://www.redhat.com/support/errata/RHSA-2005-238.html

[Broken Link, Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-397.html

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/12354

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/19031

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9616

[Broken Link] https://usn.ubuntu.com/69-1/

Scores

CVSS v3 9.8

EPSS 0.0060

EPSS Percentile 69.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-190

Status draft

Affected Products (2)

gnome/evolution < 2.0.2

debian/debian_linux

Timeline

Published Jan 24, 2005

Tracked Since Feb 18, 2026