Note:
This project will be discontinued after December 13, 2021. [more]
2020-07-29
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
| Products | Balsa, Backports_sle, Leap |
| Type | NULL Pointer Dereference (CWE-476) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5
• https://gitlab.gnome.org/GNOME/balsa/-/issues/23 • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00035.html • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00045.html |