
11 matches found

ATTACKERKB
added 2026/05/09 7:37 p.m., 4 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CVSS 2.3, AI score 5.7, EPSS 0.00093
Exploits 0, References 8, Affected Software 1

Vulnrichment
added 2026/05/09 7:37 p.m., 3 views

CVE-2026-42245 net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CVSS 2.3, AI score 5.7, EPSS 0.00093
Exploits 0, References 7

Cvelist
added 2026/05/09 7:37 p.m., 29 views

CVE-2026-42245 net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CVSS 2.3, EPSS 0.00093
Exploits 0, References 7

RubySec
added 2026/05/04 12:0 a.m., 7 views

net-imap has quadratic complexity when reading response literals

Summary: Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. Details: For each literal in a response, ResponseReader...

CVSS 7.5, AI score 5.8, EPSS 0.00093
Exploits 0, References 1, Affected Software 1

EUVD
added 2025/10/30 12:31 a.m., 3 views

EUVD-2025-36739

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

CVSS 7.5, AI score 6.4, EPSS 0.00044
Exploits 0, References 5

SUSE CVE
added 2025/10/08 11:22 p.m., 1 views

SUSE CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

CVSS 6.5, AI score 8.5, EPSS 0.00044
Exploits 0, References 13

Snyk
added 2025/04/28 4:2 p.m., 2 views

Memory Allocation with Excessive Size Value

Overview: org.jruby:jruby-stdlib is a JRuby Lib Setup package. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the ResponseReader class. An attacker can cause the application to allocate excessive memory and trigger a denial of service by includin...

CVSS 7.1, AI score 6.8, EPSS 0.00393
Exploits 0, References 2

OSV
added 2022/02/18 6:15 p.m., 0 views

UBUNTU-CVE-2021-3657

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for...

CVSS 9.8, AI score 6.2, EPSS 0.06118
Exploits 0, References 3

CNNVD
added 2022/02/18 12:0 a.m., 7 views

Sourceforge mbsync buffer error vulnerability

Sourceforge mbsync is an application from the Sourceforge community in the United States. It provides synchronization of remote IMAP mailboxes with local maildir-style mailboxes. Sourceforge mbsync suffers from a buffer error vulnerability that stems from the fact that due to insufficient handlin...

CVSS 9.8, AI score 8.9, EPSS 0.06118
Exploits 0, References 9

Positive Technologies
added 2022/02/18 12:0 a.m., 2 views

PT-2022-10520 · Mbsync +1

Name of the Vulnerable Software and Affected Versions: mbsync versions prior to 1.4.4
Description: A flaw was found due to inadequate handling of extremely large (>=2GiB) IMAP literals. Malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several differe...

CVSS 9.8, AI score 7.4, EPSS 0.10258
Exploits 1, References 25

OSV
added 2003/06/16 4:0 a.m., 2 views

DEBIAN-CVE-2003-0297

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors...

CVSS 7.5, AI score 8.1, EPSS 0.00911
Exploits 0, References 1