CVE-2019-8337

In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
marlammpop
1.4.2
marlammsmtp
1.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mpop
bullseye
1.4.12-1
fixed
stretch
not-affected
jessie
not-affected
sid
1.4.18-1
fixed
trixie
1.4.18-1
fixed
bookworm
1.4.18-1
fixed
msmtp
bullseye
1.8.11-2.1
fixed
stretch
not-affected
jessie
not-affected
bookworm
1.8.23-1
fixed
sid
1.8.24-1
fixed
trixie
1.8.24-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mpop
noble
Fixed 1.4.3-1
released
mantic
Fixed 1.4.3-1
released
lunar
Fixed 1.4.3-1
released
kinetic
Fixed 1.4.3-1
released
jammy
Fixed 1.4.3-1
released
impish
Fixed 1.4.3-1
released
hirsute
Fixed 1.4.3-1
released
groovy
Fixed 1.4.3-1
released
focal
Fixed 1.4.3-1
released
eoan
Fixed 1.4.3-1
released
disco
Fixed 1.4.3-1
released
cosmic
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
msmtp
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
ignored
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://gitlab.marlam.de/marlam/mpop/commit/b51a6c6b8b83bf0913cc52fa2ff64307e987a5b8
https://marlam.de/mpop/news/mpop-1-4-3/
https://marlam.de/msmtp/news/
https://gitlab.marlam.de/marlam/mpop/commit/b51a6c6b8b83bf0913cc52fa2ff64307e987a5b8
https://marlam.de/mpop/news/mpop-1-4-3/
https://marlam.de/msmtp/news/