Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2008-0072

Use of Externally-Controlled Format String

Published: Mar 06, 2008 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 CRITICAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
HIGH
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2008-0072
CWEhttps://cwe.mitre.org/data/definitions/134.html

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * *
Red Hat Enterprise Linux 4 RedHat evolution-0:2.0.2-35.0.4.el4_6.1 *
Red Hat Enterprise Linux 4 RedHat evolution28-0:2.8.0-53.el4_6.2 *
Red Hat Enterprise Linux 4.5 Z Stream RedHat evolution-0:2.0.2-35.0.4.el4_5.1 *
Red Hat Enterprise Linux 5 RedHat evolution-0:2.8.0-40.el5_1.1 *
Evolution Ubuntu dapper *
Evolution Ubuntu devel *
Evolution Ubuntu edgy *
Evolution Ubuntu feisty *
Evolution Ubuntu gutsy *
Evolution Ubuntu upstream *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use