cpe:/a:barnowl:barnowl:1.0.0 cpe:/a:barnowl:barnowl:1.0.1 cpe:/a:barnowl:barnowl:1.0.2 cpe:/a:barnowl:barnowl:1.0.2.1 cpe:/a:barnowl:barnowl:1.0.3 cpe:/a:barnowl:barnowl:1.0.4 cpe:/a:barnowl:barnowl:1.0.4.1 cpe:/a:ktools:owl:2.1.11 CVE-2009-0363 2009-02-17T12:30:05.890-05:00 2017-08-07T21:33:54.500-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-17T14:29:00.000-05:00 ALLOWS_USER_ACCESS MLIST [debian-testing-security-announce] 20090213 Security update for Debian Testing - 2009-02-14 XF barnowl-owl-zcrypt-bo(48824) CONFIRM http://barnowl.mit.edu/browser/ChangeLog CONFIRM http://barnowl.mit.edu/wiki/barnowl-1.0.5-announce CONFIRM http://bugs.debian.org/515118 CONFIRM https://bugs.launchpad.net/ubuntu/+source/owl/+bug/329165 Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.