Описание
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gross | fixed | 1.0.2-4.1 | package | |
| gross | fixed | 1.0.2-4.1~deb12u1 | bookworm | package |
| gross | fixed | 1.0.2-4.1~deb11u1 | bullseye | package |
Примечания
https://codeberg.org/bizdelnick/gross/commit/6403985fc1060e7aacea96e60535e1e7b0f6f193 (master)
https://codeberg.org/bizdelnick/gross/commit/3f5508cce2c49d216b163eb7b38ea72d5162c76e (1.0.4)
https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159
EPSS
Связанные уязвимости
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.
EPSS