Description
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
Product(s):
- Washington Pine
- University of Washington Pine 0.9.439
- University of Washington Pine 0.9.500
- University of Washington Pine 0.9.600
- University of Washington Pine 0.9.650
- University of Washington Pine 1.0.14.100
- University of Washington Pine 1.0.15.150
- University of Washington Pine 1.0.16.100
- University of Washington Pine 1.0.16.1
- University of Washington Pine 1.0.17.1
- University of Washington Pine 1.0.19.1
- University of Washington Pine 1.0.20.1
- University of Washington Pine 1.0.21.1
- University of Washington Pine 1.0.22.1
- University of Washington Pine 1.0.23.1
- University of Washington Pine 1.0.24.1
- University of Washington Pine 1.0.25
- University of Washington Pine 1.0.26
- University of Washington Pine 1.0.3
- University of Washington Pine 2.0
- University of Washington Pine 2.10
- University of Washington Pine 2.15
- University of Washington Pine 2.1
- University of Washington Pine 2.20
- University of Washington Pine 2.21
- University of Washington Pine 2.24
- University of Washington Pine 2.25
- University of Washington Pine 2.26
- University of Washington Pine 2.27
- University of Washington Pine 2.28
- University of Washington Pine 2.29
- University of Washington Pine 2.2
- University of Washington Pine 2.30
- University of Washington Pine 2.31
- University of Washington Pine 2.32
- University of Washington Pine 2.33
- University of Washington Pine 2.3
- University of Washington Pine 2.4
- University of Washington Pine 3.00
- University of Washington Pine 3.01
- University of Washington Pine 3.02
- University of Washington Pine 3.03
- University of Washington Pine 3.04
- University of Washington Pine 3.05
- University of Washington Pine 3.06
- University of Washington Pine 3.07
- University of Washington Pine 3.50
- University of Washington Pine 3.51
- University of Washington Pine 3.52
- University of Washington Pine 3.73
- University of Washington Pine 3.80
- University of Washington Pine 3.81
- University of Washington Pine 3.83
- University of Washington Pine 3.84
- University of Washington Pine 3.85
- University of Washington Pine 3.86
- University of Washington Pine 3.87
- University of Washington Pine 3.88
- University of Washington Pine 3.89
- University of Washington Pine 3.90
- University of Washington Pine 3.91
- University of Washington Pine 3.92
- University of Washington Pine 3.93
- University of Washington Pine 3.94
- University of Washington Pine 3.95
- University of Washington Pine 3.95 Patch
- University of Washington Pine 3.96
- University of Washington Pine 4.00
- University of Washington Pine 4.01
- University of Washington Pine 4.02
- University of Washington Pine 4.02 Patch
- University of Washington Pine 4.03
- University of Washington Pine 4.04
- University of Washington Pine 4.05
- University of Washington Pine 4.10
- University of Washington Pine 4.20
- University of Washington Pine 4.21
- University of Washington Pine 4.30
- University of Washington Pine 4.31
- University of Washington Pine 4.32
- University of Washington Pine 4.33
- University of Washington Pine 4.40
- University of Washington Pine 4.41
- University of Washington Pine 4.42
- University of Washington Pine 4.43
- University of Washington Pine 4.44
- University of Washington Pine 4.50
- University of Washington Pine 4.51
- University of Washington Pine 4.52
- University of Washington Pine 4.53
- University of Washington Pine 4.55
- University of Washington Pine 4.56
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0721, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0721 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.