Alpine prior to 2.25 allows remote malicious users to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
alpine project alpine