CVE-2012-0802

Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf()/vsnprintf()" in which the return values may be larger than the size of the buffer.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/47548	Vendor Advisory
http://secunia.com/advisories/48257	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201203-01.xml
http://www.mail-archive.com/spamdyke-release%40spamdyke.org/msg00014.html
http://www.openwall.com/lists/oss-security/2012/01/23/5
http://www.osvdb.org/78351
http://www.securityfocus.com/bid/51440
http://www.spamdyke.org/documentation/Changelog.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:spamdyke:spamdyke::::::::
	cpe:2.3:a:spamdyke:spamdyke:3.0.0:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.0.1:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.0:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.1:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.2:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.3:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.4:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.5:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.6:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.7:::::::*
	cpe:2.3:a:spamdyke:spamdyke:3.1.8:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.0:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.0:beta1::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.0:beta2::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.0:beta3::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.0:rc1::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.1:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.2:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.3:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.4:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.5:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.5:beta1::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.5:beta2::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.5:beta3::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.5:beta4::::::
	cpe:2.3:a:spamdyke:spamdyke:4.0.6:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.7:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.8:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.9:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.0.10:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.1.0:::::::*
	cpe:2.3:a:spamdyke:spamdyke:4.2.0:::::::*

History

07 Nov 2023, 02:10

Type	Values Removed	Values Added
References	~~{'url': 'http://www.mail-archive.com/spamdyke-release@spamdyke.org/msg00014.html', 'name': '[spamdyke-release] 20120115 New version: spamdyke 4.3.0', 'tags': [], 'refsource': 'MLIST'}~~	() http://www.mail-archive.com/spamdyke-release%40spamdyke.org/msg00014.html -

Information

Published : 2012-06-19 20:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-0802

Mitre link : CVE-2012-0802

CVE.ORG link : CVE-2012-0802

JSON object : View

Products Affected

spamdyke

spamdyke

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10