Описание
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
Отчет
This issue did not affect the versions of libesmtp as shipped with Red Hat Enterprise Linux 6 and 7.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libesmtp | Not affected | ||
| Red Hat Enterprise Linux 7 | libesmtp | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1788744libesmtp: Stack-based buffer over-read in ntlm_build_type_2() in ntlm/ntlmstruct.c
7.4 High
CVSS3
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 6 лет назад
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
CVSS3: 9.8
nvd
около 6 лет назад
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
CVSS3: 9.8
debian
около 6 лет назад
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...
7.4 High
CVSS3