Unrated severityNVD Advisory· Published Mar 14, 2009· Updated Apr 23, 2026

CVE-2009-0582

Description

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.

Affected products

GNOME Foundation/Evolution Data Server2 versions
cpe:2.3:a:gnome:evolution-data-server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnome:evolution-data-server:*:*:*:*:*:*:*:*range: <=2.24.5
- cpe:2.3:a:gnome:evolution-data-server:2.25.92:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000