PT-2022-12945 · Alpine+3 · Alpine+3

John Helmert Iii

Published

2022-11-03

Updated

2025-03-20

CVE-2021-46853

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Alpine versions prior to 2.25

Description The issue allows remote attackers to cause a denial of service, resulting in an application or daemon crash, when the LIST or LSUB command is sent before STARTTLS.

Recommendations For versions prior to 2.25, update to version 2.25 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LIST and LSUB commands before STARTTLS to minimize the risk of exploitation.

Fix

DoS

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2021-46853

USN-7360-1

Affected Products

Alpine

Debian

Linuxmint

Ubuntu

PT-2022-12945 · Alpine+3 · Alpine+3

CVE-2021-46853

Weakness Enumeration

Related Identifiers

Affected Products

References · 17