发布时间: 2022年12月3日
修改时间: 2024年11月30日
A segmentation fault due to a null pointer dereference has been found in the IMAP STATUS command handling component. The error occurs when mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c when it tries to free st_info_list of mb_data_status. The segmentation fault is triggered when an invalid STATUS response is received. This can at least lead to a Denial Of Service.Upstream issue:https://github.com/dinhvh/libetpan/issues/420
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Local | |
| CVSS评分 | 5.5 | 0.0 |
| Attack Complexity | Low | |
| Privileges Required | None | |
| Scope | Unchanged | |
| Integrity | None | |
| User Interaction | Required | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2675 | A segmentation fault due to a null pointer dereference has been found in the IMAP STATUS command handling component. The error occurs when mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c when it tries to free st_info_list of mb_data_status. The segmentation fault is triggered when an invalid STATUS response is received. This can at least lead to a Denial Of Service.Upstream issue:https://github.com/dinhvh/libetpan/issues/420 | 2022年12月3日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | libetpan | Unaffected |
| KY3.4-5A | libetpan | Unaffected |
| KY3.5.1 | libetpan | Unaffected |
