University Of Washington: >> Pine >> 4.21 Security Vulnerabilities
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.
CVSS Score
7.5
EPSS Score
0.193
Published
2003-09-17
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.004
Published
2002-12-31
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field.
CVSS Score
7.8
EPSS Score
0.031
Published
2002-12-31
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").
CVSS Score
5.0
EPSS Score
0.164
Published
2002-12-11
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).
CVSS Score
7.5
EPSS Score
0.012
Published
2002-07-26
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
CVSS Score
7.5
EPSS Score
0.11
Published
2000-12-19
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.
CVSS Score
7.5
EPSS Score
0.012
Published
2000-11-14
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.
CVSS Score
10.0
EPSS Score
0.025
Published
1999-11-18