CVE-2008-3606

Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.

Published: Aug 12, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3606
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
qbik / wingate	4.4.0-beta_a	4.4.0-beta_a.x
qbik / wingate	6.0.4.1025	6.0.4.1025.x
qbik / wingate	5.1	5.1.x
qbik / wingate	6.1.1.1077	6.1.1.1077.x
qbik / wingate	3.0.5	3.0.5.x
qbik / wingate	5.2	5.2.x
qbik / wingate	-	6.2.2.x
qbik / wingate	4.4.1	4.4.1.x
qbik / wingate	6.0.0.984	6.0.0.984.x
qbik / wingate	5.2.2	5.2.2.x
qbik / wingate	5.0.0	5.0.0.x
qbik / wingate	6.0	6.0.x
qbik / wingate	4.2.0	4.2.0.x
qbik / wingate	6.1.2.1094	6.1.2.1094.x
qbik / wingate	6.0.2.1000	6.0.2.1000.x
qbik / wingate	5.0.5	5.0.5.x
qbik / wingate	6.1.3.1096	6.1.3.1096.x
qbik / wingate	2.1	2.1.x
qbik / wingate	6.2.1	6.2.1.x
qbik / wingate	6.0.2.1001	6.0.2.1001.x
qbik / wingate	4.1-beta_a	4.1-beta_a.x
qbik / wingate	6.0.1.993	6.0.1.993.x
qbik / wingate	4.3.0	4.3.0.x
qbik / wingate	6.0.1.995	6.0.1.995.x
qbik / wingate	4.1.1	4.1.1.x
qbik / wingate	5.2.3	5.2.3.x
qbik / wingate	4.5.0-beta_b	4.5.0-beta_b.x
qbik / wingate	4.3.0-beta_b	4.3.0-beta_b.x
qbik / wingate	4.3.0-beta_a	4.3.0-beta_a.x
qbik / wingate	4.0.1	4.0.1.x
qbik / wingate	3.0	3.0.x
qbik / wingate	4.4.0	4.4.0.x
qbik / wingate	2.0	2.0.x
qbik / wingate	6.1.4	6.1.4.x
qbik / wingate	4.5.2	4.5.2.x
qbik / wingate	4.5.0-beta_a	4.5.0-beta_a.x
qbik / wingate	6.2.2.1137	6.2.2.1137.x
qbik / wingate	4.1.0	4.1.0.x
qbik / wingate	4.4.2	4.4.2.x
qbik / wingate	5.0	5.0.x
qbik / wingate	5.0.1.766	5.0.1.766.x
qbik / wingate	6.0.3.1005	6.0.3.1005.x
qbik / wingate	5.0.1	5.0.1.x
qbik / wingate	4.5.1	4.5.1.x

Vulnerability Database

290,018

CVE-2008-3606