Lack of data validation In sylpheed
Description
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Aliases
1. 2. 3. 4. 5.