In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libetpan | Libetpan_project | - (including) | - (including) |
| Libetpan | Ubuntu | bionic | * |
| Libetpan | Ubuntu | esm-apps/bionic | * |
| Libetpan | Ubuntu | esm-apps/focal | * |
| Libetpan | Ubuntu | esm-apps/jammy | * |
| Libetpan | Ubuntu | esm-apps/xenial | * |
| Libetpan | Ubuntu | focal | * |
| Libetpan | Ubuntu | jammy | * |
| Libetpan | Ubuntu | kinetic | * |
| Libetpan | Ubuntu | lunar | * |
| Libetpan | Ubuntu | mantic | * |
| Libetpan | Ubuntu | oracular | * |
| Libetpan | Ubuntu | trusty | * |
| Libetpan | Ubuntu | upstream | * |
| Libetpan | Ubuntu | xenial | * |
Potential Mitigations
References
- https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba
- https://github.com/dinhvh/libetpan/issues/420
- https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba
- https://github.com/dinhvh/libetpan/issues/420
- https://lists.debian.org/debian-lts-announce/2025/07/msg00018.html