Vulnerability Description
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Double Precision Incorporated | Courier Mta | 0.43 |
| Double Precision Incorporated | Sqwebmail | 3.5.2 |
| Inter7 | Courier-Imap | 1.6 |
| Gentoo | Linux | 1.4 |
References
- http://secunia.com/advisories/11087/PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=5767Vendor Advisory
- http://www.securityfocus.com/bid/9845PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15434
- http://secunia.com/advisories/11087/PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=5767Vendor Advisory
- http://www.securityfocus.com/bid/9845PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15434
FAQ
What is CVE-2004-0224?
CVE-2004-0224 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when...
How severe is CVE-2004-0224?
CVE-2004-0224 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0224?
Check the references section above for vendor advisories and patch information. Affected products include: Double Precision Incorporated Courier Mta, Double Precision Incorporated Sqwebmail, Inter7 Courier-Imap, Gentoo Linux.