PT-2003-1506 · Balsa+1

Timo Sirainen · Published 2003-05-15 · Updated 2016-10-18 · CVE-2003-0299

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: mutt version 1.4.1; Balsa version 2.0.10
Description: The issue allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
Recommendations: For mutt version 1.4.1, consider updating to a newer version that addresses the issue. For Balsa version 2.0.10, consider updating to a newer version that addresses the issue. As a temporary workaround, consider restricting access to untrusted IMAP servers to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2003-0299

Affected Products

Balsa
Mutt