CVE-2005-1513 — CRITICAL (9.8)

Vulnerability Description

Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qmail Project	Qmail	-
Canonical	Ubuntu Linux	20.04
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-190

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0101.htmlBroken LinkExploit
http://packetstormsecurity.com/files/157805/Qualys-Security-Advisory-Qmail-RemotExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/158203/Qmail-Local-Privilege-Escalation-RemThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-EscalExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jun/27Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/May/42ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2023/Jun/2ExploitMailing ListThird Party Advisory
http://securitytracker.com/id?1013911Broken LinkExploitThird Party Advisory
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.htmlBroken LinkExploit
http://www.openwall.com/lists/oss-security/2020/05/19/8ExploitMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/05/20/2Mailing List
http://www.openwall.com/lists/oss-security/2020/05/20/5Mailing List
http://www.openwall.com/lists/oss-security/2020/06/16/2Mailing List
http://www.openwall.com/lists/oss-security/2023/06/06/3ExploitMailing List
https://lists.debian.org/debian-lts-announce/2020/06/msg00002.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2005-1513?

CVE-2005-1513 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly ...

How severe is CVE-2005-1513?

CVE-2005-1513 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2005-1513?

Check the references section above for vendor advisories and patch information. Affected products include: Qmail Project Qmail, Canonical Ubuntu Linux, Debian Debian Linux.