Remote exploitation of a buffer overflow vulnerability
in the University of Washington's IMAP Server (UW-IMAP) allows
attackers to execute arbitrary code.
The vulnerability specifically exists due to insufficient bounds
checking on user-supplied values. The mail_valid_net_parse_work()
function in src/c-client/mail.c is responsible for obtaining and
validating the specified mailbox name from user-supplied data. An error
in the parsing of supplied mailbox names will continue to copy memory
after a " character has been parsed until another " character is found.