CVE-2008-2829 (retired)

Priority
Description
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API
calls that allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a long IMAP request, which
triggers an "rfc822.c legacy routine buffer overflow" error message,
related to the rfc822_write_address function.
Notes
 mdeslaur> The imap plugin is in a separate package (php-imap).
 mdeslaur> Although usn-628-1 patched the php source for this, the code
 mdeslaur> is not actually built.
Package
Source: php4 (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.2.6-2)
More Information

Updated: 2019-03-26 11:44:20 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)