Vulnerability details: VCID-w72q-d7gw-aaam
Vulnerability ID VCID-w72q-d7gw-aaam
Aliases CVE-2007-2683
Summary Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0386
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2007-2683
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2007-2683
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2007-2683
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=239890
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2007-2683
Reference id Reference type URL
http://dev.mutt.org/trac/ticket/2885
http://osvdb.org/34973
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2683.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2683
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2683
http://secunia.com/advisories/25408
http://secunia.com/advisories/25515
http://secunia.com/advisories/25529
http://secunia.com/advisories/25546
http://secunia.com/advisories/26415
https://exchange.xforce.ibmcloud.com/vulnerabilities/34441
https://issues.rpath.com/browse/RPL-1391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.securityfocus.com/bid/24192
http://www.securitytracker.com/id?1018066
http://www.trustix.org/errata/2007/0024/
239890 https://bugzilla.redhat.com/show_bug.cgi?id=239890
426116 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426116
cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.4.2:*:*:*:*:*:*:*
CVE-2007-2683 https://nvd.nist.gov/vuln/detail/CVE-2007-2683
CVE-2007-2683;OSVDB-34973 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/30093.txt
CVE-2007-2683;OSVDB-34973 Exploit https://www.securityfocus.com/bid/24192/info
RHSA-2007:0386 https://access.redhat.com/errata/RHSA-2007:0386
Data source Exploit-DB
Date added May 28, 2007
Description Mutt 1.4.2 - Mutt_Gecos_Name Function Local Buffer Overflow
Ransomware campaign use Known
Source publication date May 28, 2007
Exploit type local
Platform linux
Source update date Dec. 7, 2013
Source URL https://www.securityfocus.com/bid/24192/info
Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2683
Exploit Prediction Scoring System (EPSS)
Percentile 0.00344
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.