user/claws-mail: CVE-2020-16094: imap_scan_tree_recursive stack overflow
Bugzilla ID | 347 |
Alias(es) | CVE-2020-16094 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-08-13 17:03:01 -0500 |
Modified | 2020-10-30 22:39:10 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/claws-mail |
URL | https://nvd.nist.gov/vuln/detail/CVE-2020-16094 |
Description
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious
IMAP server can trigger stack consumption because of unlimited
recursion into subdirectories during a rebuild of the folder tree.
Waiting on upstream https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
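The description above comes down to a recursive folder scan whose depth is chosen by the server. The following added sketch (not Claws Mail code and not the upstream fix) shows a client-side depth cap on such a scan; `fake_list_child`, `scan_tree`, `scan_folder_tree` and the value of `MAX_FOLDER_DEPTH` are hypothetical names and assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_FOLDER_DEPTH 32  /* assumed cap for this sketch, not Claws Mail's value */
#define MAX_PATH_LEN 1024

/* Constructed stand-in for the server's LIST reply. server_depth < 0 models
 * a hostile server: every folder reports one more subfolder, without end. */
static int fake_list_child(int server_depth, int depth, const char *parent,
                           char *child, size_t len)
{
    int n;
    if (server_depth >= 0 && depth >= server_depth)
        return 0;                          /* honest server: tree ends here */
    n = snprintf(child, len, "%s/sub", parent);
    return n > 0 && (size_t)n < len;
}

/* Recursive scan; each level costs one stack frame (path buffer included),
 * so the depth the server can force must be bounded by the client. */
static int scan_tree(int server_depth, const char *path, int depth, int *truncated)
{
    char child[MAX_PATH_LEN];
    int visited = 1;                       /* count this folder */

    if (!fake_list_child(server_depth, depth, path, child, sizeof child))
        return visited;
    if (depth + 1 > MAX_FOLDER_DEPTH) {    /* child would exceed the cap */
        *truncated = 1;                    /* report it, do not descend */
        return visited;
    }
    return visited + scan_tree(server_depth, child, depth + 1, truncated);
}

/* Returns folders visited; *truncated is set when the cap stopped the scan. */
int scan_folder_tree(int server_depth, int *truncated)
{
    *truncated = 0;
    return scan_tree(server_depth, "INBOX", 0, truncated);
}

int main(void)
{
    int cut;
    int n = scan_folder_tree(-1, &cut);
    printf("hostile server: %d folders scanned, truncated=%d\n", n, cut);
    return 0;
}
```

A tree that fits within the cap is scanned in full, while the endless hierarchy stops at the cap and sets the truncation flag so the caller can log or surface it.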