CVE-2009-2356

NullLogic Groupware 1.2.7 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.

References (3)

Core 3
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1817
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504737/100/0/threaded

Scores

EPSS 0.0393
EPSS Percentile 89.1%

Details

CWE
CWE-119
Status published
Products (1)
dan_cahill/nulllogic_groupware 1.2.7
Published Jul 07, 2009
Tracked Since Feb 18, 2026