CVE-2019-8337
Severity: Unknown | EPSS: 0.92%
CVE-2019-8337 is a vulnerability of currently unknown severity. In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. EPSS estimates a 0.92% chance of exploitation in the next 30 days.
Description
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Marlam | Mpop | 1.4.2 |
| Marlam | Msmtp | 1.8.2 |
References
- https://gitlab.marlam.de/marlam/mpop/commit/b51a6c6b8b83bf0913cc52fa2ff64307e987a5b8 (Patch, Third Party Advisory)
- https://marlam.de/mpop/news/mpop-1-4-3/ (Patch, Third Party Advisory)
- https://marlam.de/msmtp/news/ (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-8337?
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
How severe is CVE-2019-8337?
Severity scoring for CVE-2019-8337 is pending analysis. The EPSS model estimates a 0.92% probability of exploitation in the next 30 days.
How do I fix CVE-2019-8337?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
