Debian Alpine vulnerabilities

12 known vulnerabilities affecting debian/alpine.

Total CVEs: 12
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 9

Vulnerabilities

CVE-2021-38370 | MEDIUM | CVSS 5.9 | fixed in alpine 2.25+dfsg1-1 (bookworm) | 2021
[MEDIUM] alpine - In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
Scope: local
bookworm: resolved (fixed in 2.25+dfsg1-1); bullseye: open; forky: resolved (fixed in 2.25+dfsg1-1); sid: resolved (fixed in 2.25+dfsg1-1); trixie: resolved (fixed in 2.25+dfsg1-1)
debian
CVE-2021-46853 | MEDIUM | CVSS 5.9 | fixed in alpine 2.25+dfsg1-1 (bookworm) | 2021
[MEDIUM] alpine - Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
Scope: local
bookworm: resolved (fixed in 2.25+dfsg1-1); bullseye: open; forky: resolved (fixed in 2.25+dfsg1-1); sid: resolved (fixed in 2.25+dfsg1-1); trixie: resolved (fixed in 2.25+dfsg1-1)
debian
CVE-2020-14929 | HIGH | CVSS 7.5 | fixed in alpine 2.23+dfsg1-1 (bookworm) | 2020
[HIGH] alpine - Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
Scope: local
bookworm: resolved (fixed in 2.23+dfsg1-1); bullseye: resolved (fixed in 2.23+dfsg1-1); for
debian
CVE-2015-2305 | LOW | CVSS 6.8 | fixed in clamav 0.98.7+dfsg-1 (bookworm) | 2015
[MEDIUM] alpine - Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Scope: local
bookworm: resolved; bullseye:
debian
CVE-2008-5514 | LOW | CVSS 4.3 | fixed in alpine 2.02-3.1 (bookworm) | 2008
[MEDIUM] alpine - Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Scope: local
bookworm: resolved (
debian
CVE-2008-5005 | LOW | CVSS 10.0 | fixed in uw-imap 7:2007d~dfsg-1 (bookworm) | 2008
[CRITICAL] alpine - Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code b
debian
CVE-2005-2933 | LOW | CVSS 7.5 | fixed in uw-imap 7:2002edebian1-12 (bookworm) | 2005
[HIGH] alpine - Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.
Scope: local
bookworm:
debian
CVE-2005-1066 | LOW | CVSS 1.2 | 2005
[LOW] alpine - Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2003-0721 | LOW | CVSS 7.5 | 2003
[HIGH] alpine - Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2003-0720 | LOW | CVSS 7.5 | PoC | 2003
[HIGH] alpine - Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2003-0297 | LOW | CVSS 7.5 | fixed in uw-imap 7:2002c (bookworm) | 2003
[HIGH] alpine - c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid:
debian
CVE-2002-1903 | LOW | CVSS 5.0 | 2002
[MEDIUM] alpine - Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian