GHSA-gmc6-fwg3-75m5: MimeKit has vulnerable dependency that can lead to denial of service

Summary

Denial of service vulnerability.

Details

See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312

PoC

Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated.

Impact

Denial of service vulnerability. Affects MimeKit (>= v3.0.0 and <= v4.7.0) when it is used to decrypt or verify incoming S/MIME messages, and when it imports 3rd-party X.509 certificates for use in encrypting outgoing S/MIME messages.
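A way to check a project against this advisory, as an added example that is not part of the advisory or of MimeKit: it reads a NuGet `packages.lock.json` and reports, per target framework, whether the resolved MimeKit falls in the affected range and whether System.Security.Cryptography.Pkcs is already at 8.0.1. The function names, status strings and sample lock file are constructed for illustration, and treating Pkcs >= 8.0.1 as the remediated state is an assumption drawn from the advisory's update instruction.

```python
import json

AFFECTED_MIN, PATCHED = (3, 0, 0), (4, 7, 1)  # MimeKit range stated in the advisory
PKCS_FIXED = (8, 0, 1)                        # Pkcs version the advisory says to update to

# Constructed sample lock file (not taken from a real project).
SAMPLE_LOCK = """{
  "version": 1,
  "dependencies": {
    "net8.0": {
      "MimeKit": {"type": "Direct", "requested": "[4.6.0, )", "resolved": "4.6.0"},
      "System.Security.Cryptography.Pkcs": {"type": "Transitive", "resolved": "8.0.0"}
    },
    "net6.0": {
      "MimeKit": {"type": "Direct", "requested": "[4.7.0, )", "resolved": "4.7.0"},
      "System.Security.Cryptography.Pkcs": {"type": "Direct", "requested": "[8.0.1, )", "resolved": "8.0.1"}
    },
    "net9.0": {
      "MimeKit": {"type": "Direct", "requested": "[4.7.1, )", "resolved": "4.7.1"}
    }
  }
}"""


def parse_version(text):
    """'4.7.0-beta+sha' -> (4, 7, 0). The pre-release/build suffix is ignored,
    so a pre-release of the patched version is treated as patched."""
    core = text.split("+", 1)[0].split("-", 1)[0]
    nums = [int(p) for p in core.split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit_lock(lock_text):
    """Return {framework: status} for each target framework that resolves MimeKit."""
    report = {}
    for framework, packages in json.loads(lock_text).get("dependencies", {}).items():
        # NuGet package ids are case-insensitive, so compare on lowercase names.
        resolved = {name.lower(): info.get("resolved", "0") for name, info in packages.items()}
        if "mimekit" not in resolved:
            continue
        if not AFFECTED_MIN <= parse_version(resolved["mimekit"]) < PATCHED:
            report[framework] = "not affected"
        elif parse_version(resolved.get("system.security.cryptography.pkcs", "0")) >= PKCS_FIXED:
            report[framework] = "affected MimeKit, Pkcs updated"
        else:
            report[framework] = "affected"
    return report


if __name__ == "__main__":
    for fw, status in audit_lock(SAMPLE_LOCK).items():
        print(f"{fw}: {status}")
```
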

Package

MimeKit (NuGet)

Affected versions

>= 3.0.0, < 4.7.1

Patched versions

4.7.1

References

  • GHSA-gmc6-fwg3-75m5
  • dotnet/announcements#312
  • jstedfast/MimeKit@aef4eda
  • GHSA-447r-wph3-92pm

jstedfast published to jstedfast/MimeKit: Jul 11, 2024

Published to the GitHub Advisory Database: Jul 11, 2024

Reviewed: Jul 11, 2024

Last updated: Jul 11, 2024