VYPR

Libesmtp

by Libesmtp

CVEs (4)

  • CVE-2019-19977CriDec 26, 2019
    risk 0.64cvss 9.8epss 0.03

    libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.

  • CVE-2010-1194Mar 31, 2010
    risk 0.00cvss epss 0.01

    The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.

  • CVE-2010-1192Mar 31, 2010
    risk 0.00cvss epss 0.01

    libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a…

  • CVE-2002-1090Oct 4, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.