In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
References
Link | Resource |
---|---|
https://alpine.x10host.com | Release Notes Third Party Advisory |
https://bugs.gentoo.org/807613#c4 | Third Party Advisory |
https://nostarttls.secvuln.info | Exploit Third Party Advisory |
https://security.gentoo.org/glsa/202301-07 | Third Party Advisory |
Configurations
History
13 Jan 2023, 20:05
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202301-07 - Third Party Advisory |
11 Jan 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Nov 2022, 19:27
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugs.gentoo.org/807613#c4 - Third Party Advisory |
03 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. |
20 Aug 2021, 18:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:alpine_project:alpine:*:*:*:*:*:*:*:* | |
References | (MISC) https://alpine.x10host.com - Release Notes, Third Party Advisory | |
References | (MISC) https://nostarttls.secvuln.info - Exploit, Third Party Advisory | |
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.9 |
10 Aug 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-10 15:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-38370
Mitre link : CVE-2021-38370
CVE.ORG link : CVE-2021-38370
JSON object : View
Products Affected
alpine_project
- alpine
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')