VYPR

Alpine

by Alpine

CVEs (3)

  • CVE-2020-14929HigJun 19, 2020
    risk 0.49cvss 7.5epss 0.02

    Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.

  • CVE-2021-46853MedNov 3, 2022
    risk 0.38cvss 5.9epss 0.01

    Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.

  • CVE-2021-38370MedAug 10, 2021
    risk 0.38cvss 5.9epss 0.02

    In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.