SUSE CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

CVE-2020-15953

LibEtPan ≤ 1.9.4 (used in MailCore 2 ≤ 0.6.3 and related products) contains a STARTTLS buffering issue that enables response injection during TLS negotiation across IMAP, SMTP, and POP3. The root cause is improper handling when a server responds with begin TLS, causing the client to read extra da...

PT-2020-14734 · Unknown +4 · Mailcore 2 +4

Name of the Vulnerable Software and Affected Versions: LibEtPan versions 1.9.4 and earlier MailCore 2 versions 0.6.3 and earlier Description: The issue affects IMAP, SMTP, and POP3 protocols due to a STARTTLS buffering problem. When a server sends a "begin TLS" response, the client reads addition...

CVE-2017-8825

A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses...

CVE-2017-8825

CVE-2017-8825 affects LibEtPan’s MIME handling (used by MailCore/MailCore 2). The vulnerability is a NULL dereference in the MIME parser (low-level/imf/mailimf.c) when parsing a Cc header with multiple addresses on pre-1.8 releases, resulting in a crash. A fix is available in LibEtPan 1.8 and lat...