3 matches found
CVE-2020-15953
LibEtPan ≤ 1.9.4 (used in MailCore 2 ≤ 0.6.3 and related products) contains a STARTTLS buffering issue that enables response injection during TLS negotiation across IMAP, SMTP, and POP3. The root cause is improper handling when a server responds with begin TLS, causing the client to read extra da...
CVE-2022-4121
CVE-2022-4121 affects libetpan, specifically a null pointer dereference in mailimap_mailbox_data_status_free (low-level/imap/mailimap_types.c). This could lead to remote denial of service or other consequences. Public references show upstream/libetpan fixes; Debian LTS advisory DLA-4256-1 notes t...
CVE-2017-8825
CVE-2017-8825 affects LibEtPan’s MIME handling (used by MailCore/MailCore 2). The vulnerability is a NULL dereference in the MIME parser (low-level/imf/mailimf.c) when parsing a Cc header with multiple addresses on pre-1.8 releases, resulting in a crash. A fix is available in LibEtPan 1.8 and lat...