Vulnerabilites related to libmailcore - mailcore2
Vulnerability from fkie_nvd
Published
2021-02-17 21:15
Modified
2024-11-21 05:57
Severity ?
Summary
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canarymail | canary_mail | 3.20 | |
| canarymail | canary_mail | 3.21 | |
| libmailcore | mailcore2 | 0.6.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:canarymail:canary_mail:3.20:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8A0F96F5-488B-485C-93D9-0DFE7DD732C4", vulnerable: true, }, { criteria: "cpe:2.3:a:canarymail:canary_mail:3.21:*:*:*:*:iphone_os:*:*", matchCriteriaId: "A3D232FE-4500-4FD5-B7B0-901134B488E2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libmailcore:mailcore2:0.6.4:*:*:*:*:*:*:*", matchCriteriaId: "973E27F1-AE98-4C43-BE54-C4A453EEF046", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.", }, { lang: "es", value: "El archivo core/imap/MCIMAPSession.cpp en Canary Mail versiones anteriores a 3.22, tiene una Falta de Comprobación de Certificado SSL para IMAP en modo STARTTLS", }, ], id: "CVE-2021-26911", lastModified: "2024-11-21T05:57:01.383", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-17T21:15:12.900", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/3", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://apps.apple.com/us/app/canary-mail/id1236045954", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://census-labs.com/news/category/advisories/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/02/17/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Third Party Advisory", ], url: "https://apps.apple.com/us/app/canary-mail/id1236045954", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://census-labs.com/news/category/advisories/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/02/17/3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-27 07:15
Modified
2024-11-21 05:06
Severity ?
Summary
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libetpan_project | libetpan | * | |
| libmailcore | mailcore2 | * | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libetpan_project:libetpan:*:*:*:*:*:*:*:*", matchCriteriaId: "265D13E3-68BC-4CD7-B04E-A9713F74895F", versionEndIncluding: "1.9.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libmailcore:mailcore2:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC108A8-B707-46A8-BD74-19DB4DDD7E56", versionEndIncluding: "0.6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"", }, { lang: "es", value: "LibEtPan versiones hasta 1.9.4, como es usado en MailCore 2 versiones hasta 0.6.3 y otros productos, presenta un problema de almacenamiento en búfer STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta \"begin TLS\", el cliente lee datos adicionales (por ejemplo, de un atacante de tipo meddler-in-the-middle) y los evalúa en un contexto TLS, también se conoce como \"response injection\"", }, ], id: "CVE-2020-15953", lastModified: "2024-11-21T05:06:31.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-27T07:15:10.910", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/dinhvh/libetpan/issues/386", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-55", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/dinhvh/libetpan/issues/386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-55", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-15953
Vulnerability from cvelistv5
Published
2020-07-27 06:07
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/dinhvh/libetpan/issues/386 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202007-55 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/ | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:23.456Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/dinhvh/libetpan/issues/386", }, { name: "GLSA-202007-55", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-55", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2329-1] libetpan security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html", }, { name: "FEDORA-2020-13ae5f7221", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/", }, { name: "FEDORA-2020-44e52ef729", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/", }, { name: "openSUSE-SU-2020:1454", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html", }, { name: "openSUSE-SU-2020:1505", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-22T21:06:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/dinhvh/libetpan/issues/386", }, { name: "GLSA-202007-55", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-55", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2329-1] libetpan security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html", }, { name: "FEDORA-2020-13ae5f7221", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/", }, { name: "FEDORA-2020-44e52ef729", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/", }, { name: "openSUSE-SU-2020:1454", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html", }, { name: "openSUSE-SU-2020:1505", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15953", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/dinhvh/libetpan/issues/386", refsource: "MISC", url: "https://github.com/dinhvh/libetpan/issues/386", }, { name: "GLSA-202007-55", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-55", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2329-1] libetpan security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html", }, { name: "FEDORA-2020-13ae5f7221", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/", }, { name: "FEDORA-2020-44e52ef729", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/", }, { name: "openSUSE-SU-2020:1454", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html", }, { name: "openSUSE-SU-2020:1505", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15953", datePublished: "2020-07-27T06:07:04", dateReserved: "2020-07-27T00:00:00", dateUpdated: "2024-08-04T13:30:23.456Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26911
Vulnerability from cvelistv5
Published
2021-02-17 20:54
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
References
| ▼ | URL | Tags |
|---|---|---|
| https://apps.apple.com/us/app/canary-mail/id1236045954 | x_refsource_MISC | |
| https://census-labs.com/news/category/advisories/ | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/02/17/3 | x_refsource_MISC | |
| https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/ | x_refsource_MISC | |
| https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2021/02/17/3 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:41.331Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://apps.apple.com/us/app/canary-mail/id1236045954", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://census-labs.com/news/category/advisories/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2021/02/17/3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018", }, { name: "[oss-security] 20210217 CVE-2021-26911: Canary Mail with IMAP STARTTLS missing certificate validation", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-17T21:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://apps.apple.com/us/app/canary-mail/id1236045954", }, { tags: [ "x_refsource_MISC", ], url: "https://census-labs.com/news/category/advisories/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2021/02/17/3", }, { tags: [ "x_refsource_MISC", ], url: "https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018", }, { name: "[oss-security] 20210217 CVE-2021-26911: Canary Mail with IMAP STARTTLS missing certificate validation", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-26911", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://apps.apple.com/us/app/canary-mail/id1236045954", refsource: "MISC", url: "https://apps.apple.com/us/app/canary-mail/id1236045954", }, { name: "https://census-labs.com/news/category/advisories/", refsource: "MISC", url: "https://census-labs.com/news/category/advisories/", }, { name: "https://www.openwall.com/lists/oss-security/2021/02/17/3", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2021/02/17/3", }, { name: "https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/", refsource: "MISC", url: "https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/", }, { name: "https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018", refsource: "CONFIRM", url: "https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018", }, { name: "[oss-security] 20210217 CVE-2021-26911: Canary Mail with IMAP STARTTLS missing certificate validation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/02/17/3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-26911", datePublished: "2021-02-17T20:54:08", dateReserved: "2021-02-08T00:00:00", dateUpdated: "2024-08-03T20:33:41.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }