CVE-2009-0587 – evolution-data-server: integer overflow in base64 encoding functions

https://notcve.org/view.php?id=CVE-2009-0587

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. Múltiples desbordamientos de enteros en Evolution Data Server (alias Evolution-Data-Server) antes de la version 2.24.5 permiten a atacantes dependientes de contexto ejecutar código arbitrario a través de una cadena demasiado larga que es convertida en una representación en base64 en (1) addressbook/libebook/e-vcard.c en evc o (2) camel/camel-mime-utils.c en libcamel. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff http://openwall.com/lists/oss-security/2009/03/12/2 http://osvdb.org/52702 http://osvdb.org/52703 http://secunia.com/advisories/34338 http://secunia.com/advisories/34339 http://secunia.com/advisories/34348 http://secunia.com/advisories/34351 http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •