|Subject:||Ignores response length and interprets body text as command result!|
Net::IMAP::Simple ignores the octet length sent by the server at the beginning of a FETCH response, and merely looks for the expected status line at the end of the response to determine when all the data has been received. Somebody just sent me a spam message with a bunch of garbage hidden in it, including a whole ton of strings that look like IMAP server response lines, one of which just happened to match the response line that Net::IMAP::Simple was looking for, so it stopped downloading the message at that point and hence the stream between it and the server was corrupted. The stuff in the spam message was probably an intentional effort to break IMAP clients. The fact that Net::IMAP::Simple was indeed broken by it indicates that it is vulnerable to this denial-of-service attack, and there may be security implications as well.