CVE-2019-8337

EUVD-2019-17727
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
marlammpop
1.4.2
marlammsmtp
1.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mpop
bookworm
1.4.18-1
fixed
bullseye
1.4.12-1
fixed
jessie
not-affected
sid
1.4.18-1
fixed
stretch
not-affected
trixie
1.4.18-1
fixed
msmtp
bookworm
1.8.23-1
fixed
bullseye
1.8.11-2.1
fixed
jessie
not-affected
sid
1.8.24-1
fixed
stretch
not-affected
trixie
1.8.24-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mpop
bionic
not-affected
cosmic
not-affected
disco
Fixed 1.4.3-1
released
eoan
Fixed 1.4.3-1
released
focal
Fixed 1.4.3-1
released
groovy
Fixed 1.4.3-1
released
hirsute
Fixed 1.4.3-1
released
impish
Fixed 1.4.3-1
released
jammy
Fixed 1.4.3-1
released
kinetic
Fixed 1.4.3-1
released
lunar
Fixed 1.4.3-1
released
mantic
Fixed 1.4.3-1
released
noble
Fixed 1.4.3-1
released
trusty
dne
xenial
not-affected
msmtp
bionic
needs-triage
cosmic
ignored
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://gitlab.marlam.de/marlam/mpop/commit/b51a6c6b8b83bf0913cc52fa2ff64307e987a5b8
https://marlam.de/mpop/news/mpop-1-4-3/
https://marlam.de/msmtp/news/
https://gitlab.marlam.de/marlam/mpop/commit/b51a6c6b8b83bf0913cc52fa2ff64307e987a5b8
https://marlam.de/mpop/news/mpop-1-4-3/
https://marlam.de/msmtp/news/