{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2009-2632","title":"Title"},{"category":"description","text":"Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2009-2632","url":"https://www.suse.com/security/cve/CVE-2009-2632"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 537128 for CVE-2009-2632","url":"https://bugzilla.suse.com/537128"},{"category":"external","summary":"SUSE Bug 539876 for CVE-2009-2632","url":"https://bugzilla.suse.com/539876"},{"category":"external","summary":"SUSE Bug 539877 for CVE-2009-2632","url":"https://bugzilla.suse.com/539877"},{"category":"external","summary":"Advisory link for SUSE-SR:2009:016","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62/#ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62"}],"title":"SUSE CVE CVE-2009-2632","tracking":{"current_release_date":"2023-12-09T03:36:12Z","generator":{"date":"2023-02-15T06:03:14Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2009-2632","initial_release_date":"2023-02-15T06:03:14Z","revision_history":[{"date":"2023-02-15T06:03:14Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:13:20Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:36:12Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}