mail-internals use-after-free vulnerability in `vec_insert_bytes`

Incorrect reallocation logic in the function vecinsertbytes causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-\ suite is unmaintained and the upstream sources have...

feembox (>=0.1.0 <=0.1.1), mail (>=0.6.0 <=0.7.0) +5 more potentially affected by unknown CVE via mail-internals (=0.2.3)

mail-internals CARGO version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on mail-internals and may be impacted: - feembox =0.1.0, =0.6.0, =0.6.0, =0.6.0, =0.2.0, =0.6.0, =0.1.0, =0.1.2 Source cves: unknown CVE Source advisory:...

Use-after-free in `vec_insert_bytes`

Incorrect reallocation logic in the function vecinsertbytes causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-\ suite is unmaintained and the upstream sources have...

Malicious code in mail-core-git (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ed968d6731b2ad5c42bbf83613ea38918dfd3b5cc2c3aa642c5239bc50578fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4452 Malicious code in mail-core-git (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ed968d6731b2ad5c42bbf83613ea38918dfd3b5cc2c3aa642c5239bc50578fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...