oss-sec mailing list archives

libetpan: NULL dereference vulnerability


From: "Perry E. Metzger" <perry () piermont com>
Date: Mon, 8 May 2017 09:00:05 -0400

A NULL dereference vulnerability has been found in the MIME handling
code of LibEtPan, a C language mail access and handling library that
is used in a number of MUAs.

Versions 1.7.2 and earlier are affected.

This bug has been assigned CVE-2017-8825.

Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8,
which fixes the bug. It may be found at:

https://github.com/dinhviethoa/libetpan/releases

See:
https://github.com/dinhviethoa/libetpan/issues/274
for details on the vulnerability.

Upstream users that wish to patch only this particular problem may
find the fix at:

https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d

Thanks to Ryan Whitworth for uncovering this problem with
American Fuzzy Lop.


-- 
Perry E. Metzger                perry () piermont com

