PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges theoretically, this error should never occur … Im not sure if theres a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postsrsd | Postsrsd_project | * | 1.11 (excluding) |