CNNVD-202510-262 Information
CNNVD ID
CNNVD-202510-262
Related CVE
- CNNVD Published: 2025-10-02
Description (Chinese)
stalwart是Stalwart Labs开源的一个多功能邮件和协作服务器。 Stalwart 0.13.3及之前版本存在安全漏洞,该漏洞源于IMAP协议解析器中多个状态处理程序缺少验证检查,可能导致无界内存分配,从而触发系统内存不足杀手并导致拒绝服务。
Description (English)
Starwart is a multi-purpose mail and collaborative server from the Starwart Labs open source. There is a security loophole in the Stalwart 0.13.3 and previous versions, which stems from the lack of validation checks for multiple status processing procedures in the IMAP protocol resolutioner, which may lead to an open-ended internal distribution, thus triggering under-invented killers in the system and leading to the denial of services.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Stalwart Labs
Published
2025-10-02
Last Modified
2026-02-24
References
https://github.com/stalwartlabs/stalwart/commit/a8e631e881bded8128358732f18e02ca94a4e677 https://github.com/stalwartlabs/stalwart/releases/tag/v0.13.4 https://github.com/stalwartlabs/stalwart/security/advisories/GHSA-8jqj-qj5p-v5rr
Patch
https://github.com/stalwartlabs/stalwart/releases
Share on: