{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-09-28T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=193179"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"}, {"name": "SUSE-SR:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"}, {"name": "25777", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25777"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=474366"}, {"name": "26987", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26987"}, {"name": "[ANNOUNCE] 20070907 balsa-2.3.20 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html"}, {"name": "ADV-2007-3263", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3263"}, {"name": "27272", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27272"}, {"name": "40585", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40585"}, {"name": "GLSA-200710-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml"}, {"name": "26947", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26947"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.gentoo.org/show_bug.cgi?id=193179", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=193179"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=297581", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"}, {"name": "SUSE-SR:2007:019", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"}, {"name": "25777", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25777"}, {"name": "http://bugzilla.gnome.org/show_bug.cgi?id=474366", "refsource": "CONFIRM", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=474366"}, {"name": "26987", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26987"}, {"name": "[ANNOUNCE] 20070907 balsa-2.3.20 released", "refsource": "MLIST", "url": "http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html"}, {"name": "ADV-2007-3263", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3263"}, {"name": "27272", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27272"}, {"name": "40585", "refsource": "OSVDB", "url": "http://osvdb.org/40585"}, {"name": "GLSA-200710-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml"}, {"name": "26947", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26947"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.993Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=193179"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"}, {"name": "SUSE-SR:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"}, {"name": "25777", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25777"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=474366"}, {"name": "26987", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26987"}, {"name": "[ANNOUNCE] 20070907 balsa-2.3.20 released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html"}, {"name": "ADV-2007-3263", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3263"}, {"name": "27272", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27272"}, {"name": "40585", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40585"}, {"name": "GLSA-200710-17", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml"}, {"name": "26947", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26947"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5007", "datePublished": "2007-09-20T20:00:00.000Z", "dateReserved": "2007-09-20T00:00:00.000Z", "dateUpdated": "2024-08-07T15:17:27.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:balsa:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "950C09DA-EAEA-4DE7-8A5E-ED9E82C653F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B1BCE579-53AC-4B05-9E33-ACDA345D5B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C0E134F-93E3-4754-98A5-E6917853C99B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D0FCECC-E287-486D-A8C1-CA952F4FBC67", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9EAE6454-3B98-4AC8-8C03-4943F168AEF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "91C14FE8-1596-4C1C-924D-D296EDB8FB9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "7225E52A-13A9-4283-8B00-D22C47358871", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C7927268-514A-45C8-9A03-CF33426B2875", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "AFC7FF7A-856E-42BC-9129-A1B28F508EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "871512E9-340D-4BC3-A2C0-5D160E6F4004", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "596A3E04-CB96-4DFE-AE7C-B506DD3C54D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "209D1628-7C99-4722-8038-B835BDE57B5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E8B391-160B-49E0-8505-AA0E625A792C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.1.90:*:*:*:*:*:*:*", "matchCriteriaId": "EB30197C-3991-469D-83E9-9EBE17BFA59F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.1.91:*:*:*:*:*:*:*", "matchCriteriaId": "C5BCD53C-61D5-49E2-8854-F8F8021DAA85", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA6D9C1F-A67A-4E1F-B6BE-9F98F9998DDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B88D420-12D1-4196-9B6C-3A6BD4F4371C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FDDFC9F-A654-4644-9E8C-6F5902BFC51B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "EAFC41E5-6000-44B8-A7AC-426185E8FAB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38D0233D-CCFC-47C0-B4D6-5F5F91A6260A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "FBA69D3A-E357-4B2A-9E9C-2CADA91E45A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "9506DE3C-AD8D-4128-AA5A-1B72465B73AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1A9132B-91DC-404D-A3CA-69457DB75A71", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943CFC36-8856-4D8B-A7E5-DF1458769EBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "46DE94C8-F5D4-4D8C-AF9C-0290F24575AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B6C96C8-34EE-4C10-BB16-A093CB626FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B8C116A3-1F8B-4F6B-8056-0685C9DAF9CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1134D391-A0CF-41AD-B871-423F1929BA58", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "50F69A80-C311-4840-AF70-ABDDB2D006EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "79156072-C833-4C7A-A07A-71DDC5BDCB4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "2BA4632D-4729-42A3-8778-C02F50D95C27", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "0F968DAE-A85A-483E-918F-45DA7CD5C0E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "6730AE89-6168-47FA-8C3C-8A54A8CF0790", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "61899224-39E2-485A-BD02-D0F596D0C3B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A3C98B1-04E7-4FB9-BBCA-A0CAC5C85453", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "850D4CD2-1F1F-43B7-8DD0-00985F059637", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "9A426AAD-E53A-4BCF-ADA2-A25215F36EA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "6A81A463-B9DF-4626-BA1F-0386D77A3BC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "BDDA6B44-CB69-47FA-AC29-1A5D7BA14080", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:balsa:2.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "401E38DB-D54C-49B0-93B6-2DDE6FA93F6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n ir_fetch_seq de balsa anterior a 2.3.20 pod\u00eda permitir a servidores IMAP remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta larga para un comando FETCH."}], "id": "CVE-2007-5007", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-12-12T22:10:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=193179"}, {"source": "cve@mitre.org", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=474366"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/40585"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26947"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26987"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27272"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25777"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3263"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=193179"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.gnome.org/show_bug.cgi?id=474366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://mail.gnome.org/archives/balsa-list/2007-September/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27272"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-17.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_19_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25777"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect version of balsa as shipped with Red Hat Enterprise Linux 2.1.", "lastModified": "2008-01-09T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "balsa: IMAP server triggerred stack overflow", "id": "297581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297581"}, "csaw": false, "details": ["Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command."], "name": "CVE-2007-5007", "public_date": "2007-09-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-5007"], "statement": "Not vulnerable. This issue did not affect version of balsa as shipped with Red Hat Enterprise Linux 2.1.", "threat_severity": "Moderate"}

{}