Vulnerability Description
Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Barnowl | Barnowl | <= 1.0.4.1 |
| Ktools | Owl | 2.1.11 |
Related Weaknesses (CWE)
References
- http://barnowl.mit.edu/browser/ChangeLog (Vendor Advisory)
- http://barnowl.mit.edu/wiki/barnowl-1.0.5-announce (Vendor Advisory)
- http://bugs.debian.org/515118
- http://www.mail-archive.com/debian-testing-security-announce%40lists.debian.org/
- https://bugs.launchpad.net/ubuntu/+source/owl/+bug/329165
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48824
FAQ
What is CVE-2009-0363?
CVE-2009-0363 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a...
How severe is CVE-2009-0363?
CVE-2009-0363 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0363?
Check the references section above for vendor advisories and patch information. Affected products include: Barnowl Barnowl, Ktools Owl.