CVE-2008-5620

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
roundcubewebmail
𝑥
≤ 0.2
roundcubewebmail
0.1
roundcubewebmail
0.1:20050811
roundcubewebmail
0.1:20050820
roundcubewebmail
0.1:20051007
roundcubewebmail
0.1:20051021
roundcubewebmail
0.1:alpha
roundcubewebmail
0.1:beta
roundcubewebmail
0.1:beta2
roundcubewebmail
0.1:rc1
roundcubewebmail
0.1:rc2
roundcubewebmail
0.1:stable
roundcubewebmail
0.1.1
roundcubewebmail
0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
roundcube
bullseye (security)
1.4.15+dfsg.1-1+deb11u4
fixed
bullseye
1.4.15+dfsg.1-1+deb11u4
fixed
bookworm
1.6.5+dfsg-1+deb12u4
fixed
bookworm (security)
1.6.5+dfsg-1+deb12u4
fixed
sid
1.6.9+dfsg-1
fixed
trixie
1.6.9+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
roundcube
intrepid
Fixed 0.1.1-7ubuntu0.1
released
hardy
Fixed 0.1~rc2-6ubuntu0.1
released
gutsy
ignored
dapper
dne
Common Weakness Enumeration
References
http://sourceforge.net/forum/forum.php?forum_id=898542
http://www.vupen.com/english/advisories/2008/3418
https://exchange.xforce.ibmcloud.com/vulnerabilities/47550
http://sourceforge.net/forum/forum.php?forum_id=898542
http://www.vupen.com/english/advisories/2008/3418
https://exchange.xforce.ibmcloud.com/vulnerabilities/47550