VulnerableCode Package Details - pkg:deb/debian/balsa@2.3.0-2sarge1

Search for packages

Vulnerability	Summary	Fixed by
VCID-13kz-a8m4-huht Aliases: CVE-2007-1558	Gaëtan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal settings it could take several hours for the attacker to gather enough data to recover just a few characters of the password. This result was presented at the Fast Software Encryption 2007 conference.In a rump session at the same conference a team from The University of Electro-Communications claimed that a variant on the same hash-collision attack allowed them to recover a 31 character password.Fixed versions of Thunderbird and SeaMonkey mail prevent this technique by stricter enforcement of the Message-ID format used by APOP.POP mail accounts which do not use any authentication are common and in the same hypothetical situation the password could be recovered immediately without any special programming on the attacker's part.	2.3.25-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-62qj-a33j-budt Aliases: CVE-2007-5007	balsa: IMAP server triggerred stack overflow	2.3.25-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-n7kk-bqxq-2yf6 Aliases: CVE-2020-16118	In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.	2.6.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-13kz-a8m4-huht
Aliases:
CVE-2007-1558

Gaëtan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal settings it could take several hours for the attacker to gather enough data to recover just a few characters of the password. This result was presented at the Fast Software Encryption 2007 conference.In a rump session at the same conference a team from The University of Electro-Communications claimed that a variant on the same hash-collision attack allowed them to recover a 31 character password.Fixed versions of Thunderbird and SeaMonkey mail prevent this technique by stricter enforcement of the Message-ID format used by APOP.POP mail accounts which do not use any authentication are common and in the same hypothetical situation the password could be recovered immediately without any special programming on the attacker's part.

2.3.25-1
Affected by 1 other vulnerability.

VCID-62qj-a33j-budt
Aliases:
CVE-2007-5007

balsa: IMAP server triggerred stack overflow

2.3.25-1
Affected by 1 other vulnerability.

VCID-n7kk-bqxq-2yf6
Aliases:
CVE-2020-16118

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.

2.6.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-v1g8-k87u-bbgc		CVE-2003-0167

Vulnerability

Summary

Aliases

VCID-v1g8-k87u-bbgc

CVE-2003-0167

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T18:43:28.119080+00:00	Debian Oval Importer	Affected by	VCID-13kz-a8m4-huht	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:41:33.384423+00:00	Debian Oval Importer	Fixing	VCID-v1g8-k87u-bbgc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:00:15.814865+00:00	Debian Oval Importer	Affected by	VCID-n7kk-bqxq-2yf6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:50:22.223535+00:00	Debian Oval Importer	Affected by	VCID-62qj-a33j-budt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0