CVE-2009-0363

Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
barnowlbarnowl
𝑥
≤ 1.0.4.1
barnowlbarnowl
1.0.0
barnowlbarnowl
1.0.1
barnowlbarnowl
1.0.2
barnowlbarnowl
1.0.2.1
barnowlbarnowl
1.0.3
barnowlbarnowl
1.0.4
ktoolsowl
2.1.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
barnowl
sid
1.10-2
fixed
trixie
1.10-2
fixed
bookworm
1.10-2
fixed
bullseye
1.10-2
fixed
lenny
no-dsa
etch
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
barnowl
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
dne
gutsy
dne
dapper
dne
owl
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
ignored