7.5

CVE-2009-0363

Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BarnowlBarnowl Version <= 1.0.4.1
BarnowlBarnowl Version1.0.0
BarnowlBarnowl Version1.0.1
BarnowlBarnowl Version1.0.2
BarnowlBarnowl Version1.0.2.1
BarnowlBarnowl Version1.0.3
BarnowlBarnowl Version1.0.4
KtoolsOwl Version2.1.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.38% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://barnowl.mit.edu/browser/ChangeLog
Vendor Advisory
http://barnowl.mit.edu/wiki/barnowl-1.0.5-announce
Vendor Advisory
http://bugs.debian.org/515118
http://www.mail-archive.com/debian-testing-security-announce%40lists.debian.org/msg00173.html
https://bugs.launchpad.net/ubuntu/+source/owl/+bug/329165
https://exchange.xforce.ibmcloud.com/vulnerabilities/48824