Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2017-8825

Published: 08/05/2017 Updated: 18/05/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libetpan Project

Vulnerability Summary

A null dereference vulnerability has been found in the MIME handling component of LibEtPan prior to 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libetpan project libetpan

Vendor Advisories

Debian CVElist Bug Report Logs: libetpan: CVE-2017-8825
Debian Bug report logs - #862151 libetpan: CVE-2017-8825 Package: src:libetpan; Maintainer for src:libetpan is Ricardo Mones <mones@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 9 May 2017 06:09:02 UTC Severity: important Tags: patch, security, upstream Found in version libetpan/16- ...

Github Repositories

https://github.com/rwhitworth/fuzzing-utils

Summer of 2017 fuzzing project

fuzzing-utils Fixes jimtcl Fix / command: divide by zero githubcom/msteveb/jimtcl/commit/d139d42051b3539970ff5ec7fca6deb311e7307c expr: fix crash on invalid ternary order githubcom/msteveb/jimtcl/commit/cc83b696b6b5e4cef4e312782a3fff23d5cdb8ad Fix ref count for interpolation/expression githubcom/msteveb/jimtcl/commit/fdeb3a6c507680181a41e1f24cae

Recent Articles

Email client lib blown apart by CC: list of death
The Register • Richard Chirgwin • 09 May 2017

LibEtPan user? Upgrade to 1.8

Developers using the open source LibEtPan library in their email agents need to patch against a null-dereference vulnerability. Among other things, the library is used in MailCore and MailCore 2, which provide Objective C APIs to the IMAP, POP and SMTP protocols. The bug is in LibEtPan's MIME handling in version 1.7.2 and earlier. Designated CVE-2017-8825, the bug means the library can be crashed (in its mailimf.c component) trying to parse a Cc: header containing multiple email addresses. The b...

Read more...

References

CWE-476https://github.com/dinhviethoa/libetpan/releases/tag/1.8https://github.com/dinhviethoa/libetpan/issues/274https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22dhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862151https://nvd.nist.govhttps://github.com/rwhitworth/fuzzing-utils
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook