53 matches found
postfix: buffer over-read via malformed enhanced status code
A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...
RHEL 10 : postfix (RHSA-2026:25930)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25930 advisory. The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Security Fixes: postfix: buff...
USN-8253-2: Postfix vulnerability
USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....
CVE-2026-43964
A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...
OESA-2026-2291 postfix security update
Postfix is a Mail Transport Agent (MTA). Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number. CVE-2026-43964...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Postfix vulnerability (USN-8253-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8253-1 advisory. Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use...
USN-8253-1 postfix vulnerability
Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...
CVE-2026-43964
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...
Linux Distros Unpatched Vulnerability : CVE-2026-43964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks te...
MiracleLinux 9 : postfix-3.5.25-1.el9 (AXSA:2024-9252:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9252:01 advisory. postfix: SMTP smuggling vulnerability (CVE-2023-51764). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 4 : postfix-2.6.6-2.1.AXS4 (AXSA:2011-159:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-159:01 advisory. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS. Security issues fixed with this release: CVE-2011-0411 The STARTTLS implementation...
MiracleLinux 3 : postfix-2.3.3-2.9AXS3 (AXSA:2008-88:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-88:01 advisory. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. CVE-2008-2936: Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and...
EUVD-2008-2929
Malware in sbrugna...
EUVD-2004-0923
Malware in sbrugna...
EUVD-2003-0462
Malware in sbrugna...
EUVD-2008-3875
Malware in sbrugna...
EUVD-2008-2930
Malware in sbrugna...
NewStart CGSL MAIN 7.02 : postfix Vulnerability (NS-SA-2025-0159)
The remote NewStart CGSL host, running version MAIN 7.02, has postfix packages installed that are affected by a vulnerability: - Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other...
Fedora 38 : postfix (2024-5c186175f2)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5c186175f2 advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
A vulnerability in the Postfix mail server’s smtpd service allows attackers to circumvent security restrictions and carry out email substitution attacks (a type of SMTP smuggling attack).
The vulnerability of the Postfix mail server’s smtp daemon is related to insufficient verification of data authenticity when processing line endings other than . Exploiting this vulnerability allows a malicious actor to bypass security restrictions and replace emails a type of SMTP smuggling atta...