oss-sec mailing list archives
libetpan: NULL dereference vulnerability
From: "Perry E. Metzger" <perry () piermont com>
Date: Mon, 8 May 2017 09:00:05 -0400
A NULL dereference vulnerability has been found in the MIME handling code of LibEtPan, a C language mail access and handling library that is used in a number of MUAs. Versions 1.7.2 and earlier are affected. This bug has been assigned CVE-2017-8825. Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8, which fixes the bug. It may be found at: https://github.com/dinhviethoa/libetpan/releases See: https://github.com/dinhviethoa/libetpan/issues/274 for details on the vulnerability. Upstream users that wish to patch only this particular problem may find the fix at: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d Thanks to Ryan Whitworth for uncovering this problem with American Fuzzy Lop. -- Perry E. Metzger perry () piermont com
Current thread:
- libetpan: NULL dereference vulnerability Perry E. Metzger (May 08)