A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x
before 1.0.4 allows remote attackers to trigger a denial of service (grossd
daemon crash) or potentially execute arbitrary code in grossd via crafted
SMTP transaction parameters that cause an incorrect strncat for a log
entry.
codeberg.org/bizdelnick/gross/commit/3f5508cce2c49d216b163eb7b38ea72d5162c76e (1.0.4)
codeberg.org/bizdelnick/gross/commit/6403985fc1060e7aacea96e60535e1e7b0f6f193 (master)
codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159
launchpad.net/bugs/cve/CVE-2023-52159
nvd.nist.gov/vuln/detail/CVE-2023-52159
security-tracker.debian.org/tracker/CVE-2023-52159
www.cve.org/CVERecord?id=CVE-2023-52159
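
The description above attributes the overflow to an incorrect `strncat` while building a log entry. The following is an added illustration of that class of error and a bounded alternative; it is not code from gross, and `LOGLEN`, `demo_entry`, `log_append`, `build_log_entry` and the entry layout are hypothetical names and values chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define LOGLEN 64                 /* assumed buffer size, not taken from gross */
static char demo_entry[LOGLEN];   /* hypothetical log-entry buffer */

/* Frequent strncat() mistake, shown only as a comment: the third argument
 * caps the bytes copied from src, it is NOT the total size of dst:
 *     strncat(entry, field, sizeof(entry));    // can write past entry
 * The correct bound is the space still free, minus one for the NUL. */

/* Append src to dst (capacity dstsize). Returns 1 if src was truncated. */
static int log_append(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)              /* dst is not terminated: leave it alone */
        return 1;
    size_t room = dstsize - (size_t)(end - dst) - 1;
    strncat(dst, src, room);      /* writes at most room bytes plus the NUL */
    return strlen(src) > room;
}

/* Build "a=<sender> d=<recipient>" from untrusted SMTP fields. */
static int build_log_entry(char *entry, size_t size,
                           const char *sender, const char *recipient)
{
    if (size == 0)
        return 1;
    entry[0] = '\0';
    int truncated = log_append(entry, size, "a=");
    truncated |= log_append(entry, size, sender);
    truncated |= log_append(entry, size, " d=");
    truncated |= log_append(entry, size, recipient);
    return truncated;
}

int main(void)
{
    char longaddr[300];           /* constructed oversized sender address */
    memset(longaddr, 'A', sizeof(longaddr) - 1);
    longaddr[sizeof(longaddr) - 1] = '\0';

    int t = build_log_entry(demo_entry, sizeof(demo_entry),
                            longaddr, "user@example.org");
    printf("truncated=%d len=%zu\n", t, strlen(demo_entry));
    return 0;
}
```

The truncation flag lets the caller record that a field was cut short instead of silently logging a partial value.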