Headline
GHSA-gmc6-fwg3-75m5: MimeKit has a vulnerable dependency that can lead to denial of service
Summary
Denial of service vulnerability.
Details
See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312
PoC
Update System.Security.Cryptography.Pkcs to 8.0.1 so that the affected transitive dependency is updated as well.
Impact
Denial of service vulnerability. Affects MimeKit (>= v3.0.0 and <= v4.7.0) when it is used to decrypt or verify incoming S/MIME messages, as well as when importing 3rd-party X.509 certificates for use with encrypting outgoing S/MIME messages.
Package
MimeKit (NuGet)
Affected versions
>= 3.0.0, < 4.7.1
Patched versions
4.7.1
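The following is an added example, not code from the MimeKit project: a check that reads the package versions NuGet resolved for a project and flags the ones this advisory names. It assumes the `libraries` section of `obj/project.assets.json` as written by `dotnet restore`, uses a constructed sample in place of a real file, and treats a pre-release as equal to its release version.

```python
import json

# Ranges taken from the advisory text above.
MIMEKIT_AFFECTED = ((3, 0, 0), (4, 7, 1))   # >= 3.0.0, < 4.7.1
PKCS_MIN = (8, 0, 1)                        # version the advisory says to update to

def parse_version(text):
    """Parse 'major.minor.patch[.rev][-prerelease]' into a tuple of ints."""
    release = text.split("-", 1)[0].split("+", 1)[0]   # drop prerelease/build tags
    parts = [int(p) for p in release.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def resolved_packages(assets):
    """Map lower-cased package id -> resolved version from the 'libraries' keys."""
    found = {}
    for key, meta in assets.get("libraries", {}).items():
        if meta.get("type") != "package" or "/" not in key:
            continue                      # skip project references
        name, version = key.rsplit("/", 1)
        found[name.lower()] = version     # NuGet ids are case-insensitive
    return found

def check(assets):
    """Return findings for this advisory; an empty list means nothing flagged."""
    pkgs = resolved_packages(assets)
    findings = []
    mk = pkgs.get("mimekit")
    if mk and MIMEKIT_AFFECTED[0] <= parse_version(mk) < MIMEKIT_AFFECTED[1]:
        findings.append(f"MimeKit {mk} is in the affected range; patched in 4.7.1")
    pkcs = pkgs.get("system.security.cryptography.pkcs")
    if pkcs and parse_version(pkcs) < PKCS_MIN:
        findings.append(f"System.Security.Cryptography.Pkcs {pkcs} is below 8.0.1")
    return findings

# Constructed sample, shaped like obj/project.assets.json after `dotnet restore`.
SAMPLE = json.loads("""{ "libraries": {
  "MimeKit/4.7.0": {"type": "package"},
  "System.Security.Cryptography.Pkcs/8.0.0": {"type": "package"},
  "MyApp.Core/1.0.0": {"type": "project"}
}}""")

if __name__ == "__main__":
    for line in check(SAMPLE):
        print(line)
```

To use it on a real project, replace `SAMPLE` with `json.load(open("obj/project.assets.json"))`; the file lists transitive packages too, so a MimeKit pulled in by another dependency is also reported.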
References
- GHSA-gmc6-fwg3-75m5
- dotnet/announcements#312
- jstedfast/MimeKit@aef4eda
- GHSA-447r-wph3-92pm
jstedfast published to jstedfast/MimeKit
Jul 11, 2024
Published to the GitHub Advisory Database
Jul 11, 2024
Reviewed
Jul 11, 2024
Last updated
Jul 11, 2024