A null dereference vulnerability has been found in the MIME handling component of LibEtPan prior to 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libetpan project libetpan |
LibEtPan user? Upgrade to 1.8
Developers using the open source LibEtPan library in their email agents need to patch against a null-dereference vulnerability. Among other things, the library is used in MailCore and MailCore 2, which provide Objective C APIs to the IMAP, POP and SMTP protocols. The bug is in LibEtPan's MIME handling in version 1.7.2 and earlier. Designated CVE-2017-8825, the bug means the library can be crashed (in its mailimf.c component) trying to parse a Cc: header containing multiple email addresses. The b...