| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| MimeKit | nuget | >= 3.0.0, < 4.7.1 | 4.7.1 |

The vulnerability originates from a transitive dependency (System.Formats.Asn1 <= 8.0.0) used by MimeKit for ASN.1 parsing in cryptographic operations. The MimeKit patch explicitly pins this dependency to 8.0.1 to resolve the issue. While MimeKit's S/MIME message decryption/verification and certificate import functionality are identified as attack vectors, no specific functions in MimeKit's codebase are directly implicated as vulnerable. The root cause lies in the dependency's ASN.1 parser, not in MimeKit's own implementation. The commit diff shows only dependency version changes, not code modifications, indicating the vulnerability was inherited rather than existing in MimeKit's functions themselves.
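
Because the fix is a dependency pin rather than a code change, the useful check is on resolved versions. The following is an added example, not code from MimeKit or the advisory: it audits a parsed NuGet `packages.lock.json` against the ranges stated above. The sample lock file is constructed, and the function names are hypothetical.

```python
import json

# Ranges taken from the advisory text above.
MIMEKIT_MIN, MIMEKIT_FIXED = "3.0.0", "4.7.1"
ASN1_LAST_BAD = "8.0.0"

def vkey(version):
    """Sortable key for a NuGet version; a prerelease sorts below its release."""
    core, _, pre = version.split("+")[0].partition("-")
    nums = [int(p) for p in core.split(".")]
    nums += [0] * (4 - len(nums))
    return tuple(nums) + (0 if pre else 1,)

def audit_lock(lock):
    """Return (framework, package, resolved, action) findings for a lock file."""
    findings = []
    for tfm, pkgs in lock.get("dependencies", {}).items():
        # NuGet package ids are case-insensitive.
        resolved = {n.lower(): m.get("resolved", "") for n, m in pkgs.items()}
        mk = resolved.get("mimekit")
        asn1 = resolved.get("system.formats.asn1")
        if mk and vkey(MIMEKIT_MIN) <= vkey(mk) < vkey(MIMEKIT_FIXED):
            findings.append((tfm, "MimeKit", mk, "upgrade to " + MIMEKIT_FIXED))
        if asn1 and vkey(asn1) <= vkey(ASN1_LAST_BAD):
            findings.append((tfm, "System.Formats.Asn1", asn1, "pin to 8.0.1"))
    return findings

# Constructed sample: one target still resolves the affected versions.
SAMPLE_LOCK = json.loads("""
{
  "version": 1,
  "dependencies": {
    "net8.0": {
      "MimeKit": {"type": "Direct", "requested": "[4.3.0, )", "resolved": "4.3.0"},
      "System.Formats.Asn1": {"type": "Transitive", "resolved": "8.0.0"}
    },
    "net6.0": {
      "MimeKit": {"type": "Direct", "requested": "[4.7.1, )", "resolved": "4.7.1"},
      "System.Formats.Asn1": {"type": "Transitive", "resolved": "8.0.1"}
    }
  }
}
""")

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(*finding, sep=" | ")
```

The two packages are reported independently, so a project that overrides System.Formats.Asn1 to 8.0.1 while staying on an older MimeKit shows only the MimeKit finding.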