VYPR
Unrated severityNVD Advisory· Published Feb 27, 2008· Updated Jun 16, 2026

CVE-2008-1054

CVE-2008-1054

Description

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

28
  • Netwin/Surgemail28 versions
    cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*+ 27 more
    • cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:1.8e:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.0a2:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.0c:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.0e:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.0g2:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.1a:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.1c7:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.2a6:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.2c10:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.2c9:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.2g2:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:2.2g3:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:3.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:3.1s:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:3.8f3:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:3.8i:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:3.8i2:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:3.8i3:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:38k:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgemail:38k4:*:*:*:*:*:*:*
    • (no CPE)range: <=38k4, beta 39a

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.