CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3838

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0140%
EPSS Percentile38.53th
PublishedNov 2, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.

Affected Platforms (CPE)

πŸ“¦
Pmail

Pegasus Mail

= 4.41
πŸ“¦
Pmail

Pegasus Mail

= 4.51

References & Advisories

πŸ”— http://osvdb.org/59261
πŸ”— http://secunia.com/advisories/37134
πŸ”— http://www.packetstormsecurity.org/0910-exploits/pegasusmc-dos.txt
πŸ”— http://www.securityfocus.com/archive/1/507377/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/36797
πŸ”— http://www.securitytracker.com/id?1023075
πŸ”— http://www.vupen.com/english/advisories/2009/3026
πŸ”— http://www.vupen.com/exploits/Pegasus_Mail_POP3_Message_Handling_Remote_Buffer_Overflow_Exploit_3026233.php

Related Vulnerabilities

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2002-10757.5

Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly ...

CVE-2000-09317.5

Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands ...

CVE-2017-90467.3

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed ...