2 results (0.005 seconds)

CVSS: 7.4EPSS: 1%CPEs: 5EXPL: 1

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." LibEtPan versiones hasta 1.9.4, como es usado en MailCore 2 versiones hasta 0.6.3 y otros productos, presenta un problema de almacenamiento en búfer STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente lee datos adicionales (por ejemplo, de un atacante de tipo meddler-in-the-middle) y los evalúa en un contexto TLS, también se conoce como "response injection" • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html https://github.com/dinhvh/libetpan/issues/386 https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J https://securit • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses. Se ha encontrado una vulnerabilidad de desreferencia nula en el componente MIME de LibEtPan en versiones anteriores a la 1.8, como las utilizadas en MailCore y MailCore 2. Puede ocurrir un fallo en low-level/imf/mailimf.c durante una análisis fallido de una cabecera Cc que contiene múltiples direcciones de correo electrónico. • https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d https://github.com/dinhviethoa/libetpan/issues/274 https://github.com/dinhviethoa/libetpan/releases/tag/1.8 • CWE-476: NULL Pointer Dereference •