CVE-2021-38370
MEDIUMAlpine < 2.25 - Command Injection via Untagged IMAP Responses Before STARTTLS
Title source: llmDescription
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202301-07
Release Notes, Third Party Advisory
https://alpine.x10host.com
Third Party Advisory
https://bugs.gentoo.org/807613#c4
Exploit, Third Party Advisory
https://nostarttls.secvuln.info
Scores
CVSS v3
5.9
EPSS
0.0157
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-77
Status
published
Products (1)
alpine_project/alpine
< 2.25
Published
Aug 10, 2021
Tracked Since
Feb 18, 2026