A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | gross | < 1.0.2-4.1~deb12u1 | gross_1.0.2-4.1~deb12u1_all.deb |
Debian | 11 | all | gross | < 1.0.2-4.1~deb11u1 | gross_1.0.2-4.1~deb11u1_all.deb |
Debian | 999 | all | gross | < 1.0.2-4.1 | gross_1.0.2-4.1_all.deb |
Debian | 13 | all | gross | < 1.0.2-4.1 | gross_1.0.2-4.1_all.deb |