In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM...
5.9CVSS
7.6AI Score
0.001EPSS
Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO...
7.7AI Score
0.033EPSS
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP...
9.8CVSS
7.8AI Score
0.033EPSS
commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative...
7.7AI Score
0.05EPSS
7.4AI Score
0.018EPSS
Denial of service in Qmail by specifying a large number of recipients with the RCPT...
7.3AI Score
0.001EPSS