CVE-2009-3838

Pmail Pegasus Mail - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Francis Provencher · textremotewindows

https://www.exploit-db.com/exploits/9957

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://osvdb.org/59261

[Vendor Advisory] http://secunia.com/advisories/37134

[Exploit] http://www.packetstormsecurity.org/0910-exploits/pegasusmc-dos.txt

[Exploit] http://www.securityfocus.com/bid/36797

[Exploit] http://www.securitytracker.com/id?1023075

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/3026

[Vendor Advisory] http://www.vupen.com/exploits/Pegasus_Mail_POP3_Message_Handling_Remote_Buffer_Overflow_Exploit_3026233.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53933

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507377/100/0/threaded

Scores

EPSS 0.2336

EPSS Percentile 95.9%

Classification

CWE

CWE-119

Status draft

Affected Products (2)

pmail/pegasus_mail

Timeline

Published Nov 02, 2009

Tracked Since Feb 18, 2026