VulnerableCode Package Details - pkg:deb/debian/balsa@2.3.25-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-ad4u-daz2-aaap Aliases: CVE-2020-16118	In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.	2.6.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ad4u-daz2-aaap
Aliases:
CVE-2020-16118

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

2.6.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4pcg-c1we-aaar	Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.	CVE-2007-5007
VCID-yncr-147p-aaaa	The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.	CVE-2007-1558

Vulnerability

Summary

Aliases

VCID-4pcg-c1we-aaar

Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.

CVE-2007-5007

VCID-yncr-147p-aaaa

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

CVE-2007-1558

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:52:36.219935+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T17:35:50.749949+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:11:33.604903+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T06:10:35.911702+00:00	Debian Oval Importer	Affected by	VCID-ad4u-daz2-aaap	None	36.1.3
2025-06-21T00:09:41.543146+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	None	36.1.3
2025-06-20T21:13:58.808327+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	None	36.1.3
2025-06-08T11:22:24.319422+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:10:28.573729+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:05:16.577515+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T23:49:30.955038+00:00	Debian Oval Importer	Affected by	VCID-ad4u-daz2-aaap	None	36.1.0
2025-06-07T17:32:28.795577+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	None	36.1.0
2025-06-07T14:38:07.855115+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	None	36.1.0
2025-04-12T21:30:44.573592+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:27:58.946110+00:00	Debian Oval Importer	Affected by	VCID-ad4u-daz2-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:06:26.088434+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T15:51:17.647182+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T06:37:21.813946+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T22:21:39.045446+00:00	Debian Oval Importer	Affected by	VCID-ad4u-daz2-aaap	None	36.0.0
2025-04-07T16:07:05.106563+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	None	36.0.0
2025-04-07T13:10:17.267878+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	None	36.0.0
2024-11-26T08:06:58.731351+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-11-26T01:48:51.471058+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-10-12T12:00:37.904362+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-10-12T07:56:27.656477+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-09-20T14:44:15.306591+00:00	Debian Oval Importer	Fixing	VCID-4pcg-c1we-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1
2024-09-20T13:35:43.878211+00:00	Debian Oval Importer	Fixing	VCID-yncr-147p-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1