製品・ソフトウェアに関する情報

JVN脆弱性詳細

Sylpheed および Sylpheed-Claws の src/inc.c におけるフォーマットストリングの脆弱性

Title	Sylpheed および Sylpheed-Claws の src/inc.c におけるフォーマットストリングの脆弱性
Summary	Sylpheed および Sylpheed-Claws (Claws Mail) の src/inc.c の inc_put_error 関数には、フォーマットストリングの脆弱性が存在します。
Possible impacts	リモート POP3 サーバにより、巧妙に細工された返信内のフォーマットストリング指定子を介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 27, 2007, midnight
Registration Date	Dec. 20, 2012, 6:19 p.m.
Last Update	Dec. 20, 2012, 6:19 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

Sylpheed

Sylpheed 2.4.4

sylpheed-claws

sylpheed-claws 1.9.100 および 2.10.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2958	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958
National Vulnerability Database (NVD)
2	CVE-2007-2958	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2958

ベンダー情報

No	Name	URL
Sylpheed
1	Sylpheed	http://sylpheed.en.softonic.com/
sylpheed-claws
2	Top Page	http://www.claws-mail.org/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-2958

Summary	Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
Summary	Vulnerabilidad de formato de cadena en la función inc_put_error en src/inc.c en Sylpheed 2.4.4, y Sylpheed-Claws (Claws Mail) 1.9.100 y 2.10.0, permite a servidores POP3 remotos ejecutar código de su elección a través de especificaciones de formato de cadena en respuestas manipuladas.
Publication Date	Aug. 28, 2007, 2:17 a.m.
Registration Date	Jan. 29, 2021, 2:13 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sylpheed:sylpheed:2.4.4:::::::*
cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.9.100:::::::*
cpe:2.3:a:sylpheed-claws:sylpheed-claws:2.10.0:::::::*

Related information, measures and tools

No	URL	refsource
1	http://bugs.gentoo.org/show_bug.cgi?id=190104	PSIRT-CNA@flexerasoftware.com
2	http://osvdb.org/40184	PSIRT-CNA@flexerasoftware.com
3	http://secunia.com/advisories/26550	PSIRT-CNA@flexerasoftware.com
4	http://secunia.com/advisories/26610	PSIRT-CNA@flexerasoftware.com
5	http://secunia.com/advisories/27229	PSIRT-CNA@flexerasoftware.com
6	http://secunia.com/advisories/27379	PSIRT-CNA@flexerasoftware.com
7	http://secunia.com/secunia_research/2007-70/advisory/	PSIRT-CNA@flexerasoftware.com
8	http://security.gentoo.org/glsa/glsa-200710-29.xml	PSIRT-CNA@flexerasoftware.com
9	http://www.novell.com/linux/security/advisories/2007_20_sr.html	PSIRT-CNA@flexerasoftware.com
10	http://www.securityfocus.com/bid/25430	PSIRT-CNA@flexerasoftware.com
11	http://www.vupen.com/english/advisories/2007/2971	PSIRT-CNA@flexerasoftware.com
12	https://bugzilla.redhat.com/show_bug.cgi?id=254121	PSIRT-CNA@flexerasoftware.com
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/36238	PSIRT-CNA@flexerasoftware.com
14	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html	PSIRT-CNA@flexerasoftware.com
15	http://bugs.gentoo.org/show_bug.cgi?id=190104	af854a3a-2127-422b-91ae-364da2661108
16	http://osvdb.org/40184	af854a3a-2127-422b-91ae-364da2661108
17	http://secunia.com/advisories/26550	af854a3a-2127-422b-91ae-364da2661108
18	http://secunia.com/advisories/26610	af854a3a-2127-422b-91ae-364da2661108
19	http://secunia.com/advisories/27229	af854a3a-2127-422b-91ae-364da2661108
20	http://secunia.com/advisories/27379	af854a3a-2127-422b-91ae-364da2661108
21	http://secunia.com/secunia_research/2007-70/advisory/	af854a3a-2127-422b-91ae-364da2661108
22	http://security.gentoo.org/glsa/glsa-200710-29.xml	af854a3a-2127-422b-91ae-364da2661108
23	http://www.novell.com/linux/security/advisories/2007_20_sr.html	af854a3a-2127-422b-91ae-364da2661108
24	http://www.securityfocus.com/bid/25430	af854a3a-2127-422b-91ae-364da2661108
25	http://www.vupen.com/english/advisories/2007/2971	af854a3a-2127-422b-91ae-364da2661108
26	https://bugzilla.redhat.com/show_bug.cgi?id=254121	af854a3a-2127-422b-91ae-364da2661108
27	https://exchange.xforce.ibmcloud.com/vulnerabilities/36238	af854a3a-2127-422b-91ae-364da2661108
28	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List