Gnome Balsa vulnerabilities

5 known vulnerabilities affecting gnome/balsa.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2020-16118HIGHCVSS 7.5fixed in 2.6.02020-07-29
CVE-2020-16118 [HIGH] CWE-476 CVE-2020-16118: In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL poi In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
nvdosv
CVE-2020-13645MEDIUMCVSS 6.5fixed in 2.5.11v2.6.02020-05-28
CVE-2020-13645 [MEDIUM] CWE-295 CVE-2020-13645: In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname v In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server i
nvd
CVE-2007-5007MEDIUMCVSS 6.8v1.1.7v1.2.4+38 more2007-12-12
CVE-2007-5007 [MEDIUM] CWE-119 CVE-2007-5007: Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote I Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
nvdosv
CVE-2007-1558LOWCVSS 2.6≥ 0, < 2.3.17-12007-04-16
CVE-2007-1558 [LOW] CVE-2007-1558: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.
osv
CVE-2003-0167HIGHCVSS 7.5≥ 0, < 2.0.102003-04-02
CVE-2003-0167 [HIGH] CVE-2003-0167: Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1 Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
osv