{"containers": {"cna": {"affected": [{"product": "ytnef", "vendor": "n/a", "versions": [{"status": "affected", "version": "ytnef 2.8"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-26T21:06:53", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521662"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2009-013.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3721", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ytnef", "version": {"version_data": [{"version_value": "ytnef 2.8"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=521662", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521662"}, {"name": "http://www.ocert.org/advisories/ocert-2009-013.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2009-013.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:38:30.319Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521662"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2009-013.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3721", "datePublished": "2021-05-26T21:06:53", "dateReserved": "2009-10-16T00:00:00", "dateUpdated": "2024-08-07T06:38:30.319Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*", "matchCriteriaId": "6606C39B-8137-44B6-A96E-E0B8F67FAFFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFC4283F-0346-410E-9D65-33C2B6143753", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments."}, {"lang": "es", "value": "Se detectaron m\u00faltiples vulnerabilidades de salto de directorio y desbordamiento de b\u00fafer en yTNEF, y en el analizador TNEF de Evolution que deriva de yTNEF. Un correo electr\u00f3nico dise\u00f1ado podr\u00eda causar que estas aplicaciones escriban datos en ubicaciones arbitrarias en el sistema de archivos, bloqueen, o potencialmente ejecuten c\u00f3digo arbitrario cuando se decodifican archivos adjuntos"}], "id": "CVE-2009-3721", "lastModified": "2024-11-21T01:08:03.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-26T22:15:07.697", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ocert.org/advisories/ocert-2009-013.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ocert.org/advisories/ocert-2009-013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521662"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "evolution: TNEF attachment decoder input sanitization errors (oCERT-2009-013)", "id": "521662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521662"}, "csaw": false, "details": ["Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.", "Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments."], "name": "CVE-2009-3721", "public_date": "2009-09-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-3721\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-3721"], "threat_severity": "Important"}