CVE-2021-35525 Information

Description

PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges heoretically this error should never occur … I’m not sure if there’s a reliable way to trigger this condition by an external attacker but it is a security bug in PostSRSd nevertheless.\

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Reference

https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2 https://bugs.gentoo.org/793674 https://github.com/roehling/postsrsd/releases/tag/1.11 https://security.gentoo.org/glsa/202107-08

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

5.3