GHSA-gmc6-fwg3-75m5

Опубликовано: 11 июл. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

Mimekit has vulnerable dependency that can lead to denial of service

Summary

Denial of service vulnerability.

Details

See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312

PoC

Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated

Impact

Denial of service vulnerability. Affects MimeKit (>= v3.0.0 and <= v4.7.0) when used to decrypt or verify incoming S/MIME messages as well as importing 3rd-party X.509 certificates for use with encrypting outgoing S/MIME messages.

Ссылки

https://github.com/jstedfast/MimeKit/security/advisories/GHSA-gmc6-fwg3-75m5
https://github.com/dotnet/announcements/issues/312
https://github.com/jstedfast/MimeKit/commit/aef4eda75525848b992ce5e1f9b87399000fffb6
https://github.com/advisories/GHSA-447r-wph3-92pm

Пакеты

Наименование

MimeKit

nuget

Затронутые версииВерсия исправления

>= 3.0.0, < 4.7.1

4.7.1

8.7 High

CVSS4

7.5 High

CVSS3