6.4 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.086 Low
EPSS
Percentile
94.3%
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the “=” (equals) character, which is not properly handled during encoding.
CPE | Name | Operator | Version |
---|---|---|---|
courier_mta | eq | 0.37.3 | |
courier_mta | eq | 0.38.1 | |
courier_mta | le | 0.44.2 | |
courier_mta | eq | 0.43.2 | |
courier_mta | eq | 0.43 | |
courier_mta | eq | 0.43.1 | |
courier_mta | eq | 0.40 | |
courier_mta | eq | 0.44 |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834
secunia.com/advisories/20519
secunia.com/advisories/20548
secunia.com/advisories/20792
secunia.com/advisories/21350
security.gentoo.org/glsa/glsa-200608-06.xml
securitytracker.com/id?1016248
www.courier-mta.org/beta/patches/verp-fix/README.txt
www.debian.org/security/2006/dsa-1101
www.securityfocus.com/bid/18345
www.vupen.com/english/advisories/2006/2214
exchange.xforce.ibmcloud.com/vulnerabilities/26998
usn.ubuntu.com/294-1/