Hi, I have recently reported two issues in the courier mail server's MIME parsing. The parser code is also used by courier-imap, sqwebmail, maildrop, and cone.
Malformed inputs can crash or cause an endless loop. In my tests, both issues only affected courier 1.5.0, 1.4.x versions are unaffected. Version 1.5.1 contains a fix. These issues can be triggered by passing the base64-encoded samples below to the reformime commandline tool: reformime -r < [poc] Segfault / OOB read in rfc822::address::unicode_name: TWltZS1WZXJzaW9uOjEuCkNvbnRlbnQtVHlwZTptdWx0aXBhcnQ7Ym91bmRhcnk9PQoKLS09CkZy b206MFw9Pzw= Endless loop / hang: Q29udGVudC1UeXBlOiCAAA== I have not tested whether it is possible to trigger these remotely via SMTP or IMAP. I had reported this to courier developer Sam Varshavchik on 2025-10-23. Fixed versions of courier and the other affected packages were released on the same day [1]. [1] https://sourceforge.net/p/courier/mailman/message/59250695/ -- Hanno Böck - Independent security researcher https://itsec.hboeck.de/ https://badkeys.info/
