CVE-2021-38084

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38084

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38084.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-38084

Related

UBUNTU-CVE-2021-38084

Published

2021-08-03T22:15:09Z

Modified

2025-03-02T05:49:48.312996Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

References

Affected packages

Debian:11 / courier

Package

Name: courier
Purl: pkg:deb/debian/courier?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.16-3

1.0.16-3.1

1.0.16-3.2

1.3.13-1

1.3.13-2

1.3.13-3

1.3.13-4

1.3.13-5

1.3.13-6

1.3.13-7

1.3.13-8

1.3.13-9

1.3.13-10

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / courier

Package

Name: courier
Purl: pkg:deb/debian/courier?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.16-3

1.0.16-3.1

1.0.16-3.2

1.3.13-1

1.3.13-2

1.3.13-3

1.3.13-4

1.3.13-5

1.3.13-6

1.3.13-7

1.3.13-8

1.3.13-9

1.3.13-10

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / courier

Package

Name: courier
Purl: pkg:deb/debian/courier?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.13-1

Affected versions

1.*

1.0.16-3

1.0.16-3.1

1.0.16-3.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/svarshavchik/courier

Affected ranges

Type: GIT
Repo: https://github.com/svarshavchik/courier
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

368f9fb227b46406643b9425db604a0594f71dfe

Affected versions

cone/0.*

cone/0.91.1/20141214081718

cone/0.91/20141213104043

cone/0.92/20150427080758

cone/0.94/20160814095508

cone/0.95/20170305145100

cone/0.96.1/20170819100006

cone/0.96.2/20171203115147

cone/0.96/20170702105408

cone/1.*

cone/1.0/20180917224334

cone/1.1/20201026193655

cone/1.2/20210319214458

courier-analog/0.*

courier-analog/0.17/20160602194412

courier-analog/0.17/20160602194523

courier-analog/0.17/20160602194744

courier-analog/0.19/20210319214401

courier-authlib/0.*

courier-authlib/0.66.0/20130928223315

courier-authlib/0.66.1/20131111193749

courier-authlib/0.66.2/20150427083605

courier-authlib/0.66.3/20150628230025

courier-authlib/0.66.4/20151115120442

courier-authlib/0.67.0/20170128131141

courier-authlib/0.68.0/20170702104809

courier-authlib/0.69.0/20180917223454

courier-authlib/0.69.1/20190724201053

courier-authlib/0.70.0/20200419164631

courier-authlib/0.71.0/20200618210228

courier-authlib/0.71.1/20210209205029

courier-authlib/0.71.2/20210319214948

courier-authlib/0.71.3/20210412205815

courier-imap/4.*

courier-imap/4.14/20130928195544

courier-imap/4.15.1/20140901094658

courier-imap/4.15/20131128184113

courier-imap/4.16.0/20141213101457

courier-imap/4.16.1/20150427082912

courier-imap/4.16.2/20150628230425

courier-imap/4.17.0/20160426065621

courier-imap/4.17.1/20160508091211

courier-imap/4.17.2/20160814095842

courier-imap/4.17.2/20160814101108

courier-imap/4.17.3/20170117204906

courier-imap/4.18.0/20170702105051

courier-imap/4.18.1/20170819100155

courier-imap/4.18.2/20171004193929

courier-imap/5.*

courier-imap/5.0.0/20180917223909

courier-imap/5.0.1/20181013160554

courier-imap/5.0.10/20200420082513

courier-imap/5.0.11/20200618210620

courier-imap/5.0.12/20210209210152

courier-imap/5.0.14/20210301174726

courier-imap/5.0.2/20181027111145

courier-imap/5.0.2/20181027111303

courier-imap/5.0.3/20181117093458

courier-imap/5.0.4/20181128192207

courier-imap/5.0.5/20181217190442

courier-imap/5.0.6/20190130192542

courier-imap/5.0.7/20190330184405

courier-imap/5.0.8/20190831135704

courier-imap/5.0.9/20200419173038

courier-imap/5.1.0/20210319215058

courier-imap/5.1.1/20210320170246

courier-imap/5.1.2/20210326200013

courier-imap/5.1.3/20210424125018

courier-sox/0.*

courier-sox/0.12/20131006094016

courier-sox/0.13/20200616202004

courier-sox/0.14/20200618215757

courier-sox/0.15/20210209215744

courier/0.*

courier/0.72/20130928195848

courier/0.73.1/20131223194809

courier/0.73.2/20140901093012

courier/0.73/20131128185623

courier/0.74.0/20141213101233

courier/0.74.1/20141214080824

courier/0.74.2/20150427082224

courier/0.74.2/20150427082630

courier/0.75.0/20150628230151

courier/0.76.0/20160426065735

courier/0.76.1/20160508090929

courier/0.76.2/20160814095637

courier/0.76.2/20160814100959

courier/0.76.3/20160917211918

courier/0.76.4/20170117203707

courier/0.77.0/20170702104900

courier/0.78.0/20170819100405

courier/0.78.1/20171004193712

courier/0.78.2/20171203115636

courier/0.78.3/20180728230507

courier/1.*

courier/1.0.1/20181013160807

courier/1.0.10/20200419171855

courier/1.0.11/20200420073456

courier/1.0.12/20200420082639

courier/1.0.13/20200424072124

courier/1.0.14/20200618210330

courier/1.0.15/20210209205145

courier/1.0.17/20210301172541

courier/1.0.2/20181027103012

courier/1.0.3/20181117093143

courier/1.0.4/20181128192349

courier/1.0.5/20181217190604

courier/1.0.6/20190130192956

courier/1.0.7/20190330184047

courier/1.0.7/20190608085611

courier/1.0.8/20190608090758

courier/1.0.9/20190831140324

courier/1.0/20180917223614

courier/1.1.0/20210319215318

courier/1.1.1/20210320170424

courier/1.1.2/20210326200147

courier/1.1.3/20210424125125

courier/1.1.4/20210518212001

maildrop/2.*

maildrop/2.7.0/20130928195403

maildrop/2.7.1/20131128184356

maildrop/2.7.2/20140901092804

maildrop/2.8.0/20141213101719

maildrop/2.8.1/20141214081550

maildrop/2.8.2/20150427083304

maildrop/2.8.3/20150628231513

maildrop/2.8.4/20160814100858

maildrop/2.8.5/20170117205233

maildrop/2.9.0/20170702105314

maildrop/2.9.1/20170819100311

maildrop/2.9.1/20171004194531

maildrop/2.9.1/20171005071202

maildrop/2.9.2/20171005081210

maildrop/2.9.3/20171203115314

maildrop/3.*

maildrop/3.0.0/20180917224237

maildrop/3.0.1/20200618220426

maildrop/3.0.2/20210209215800

maildrop/3.0.3/20210319214705

sqwebmail/5.*

sqwebmail/5.7.0/20130928195718

sqwebmail/5.7.1/20131128184237

sqwebmail/5.7.2/20131223195015

sqwebmail/5.7.3/20140901092902

sqwebmail/5.8.0/20141213101603

sqwebmail/5.8.1/20141214081101

sqwebmail/5.8.2/20150427083025

sqwebmail/5.8.3/20150628231305

sqwebmail/5.8.4/20170117205036

sqwebmail/5.9.0/20170702105209

sqwebmail/5.9.1/20171004194032

sqwebmail/5.9.2/20171203115438

sqwebmail/5.9.3/20180728230254

sqwebmail/6.*

sqwebmail/6.0.0/20180917224034

sqwebmail/6.0.1/20190330184554

sqwebmail/6.0.1/20190608084158

sqwebmail/6.0.2/20190608084438

sqwebmail/6.0.3/20190831135524

sqwebmail/6.0.5/20210209210407

sqwebmail/6.0.6/20210319214818

sysconftool/0.*

sysconftool/0.17/20130825180226

sysconftool/0.17/20130825182318

sysconftool/0.18/20210319214332