Alpine Project: >> Alpine >> 2.19.1 Security Vulnerabilities
Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-11-03
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-08-10
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-06-19