gross is vulnerable to a stack-based buffer overflow in versions 0.9.3 through 1.x before 1.0.4. Remote attackers can exploit this vulnerability to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | gross:buster | eq | 1.0.2-4+b1 |
| | gross:sid | eq | 1.0.2-4+b1 |
| | gross:sid | eq | 1.0.2-4+b2 |
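
The description above attributes the overflow to an incorrect strncat while building a log entry from SMTP transaction parameters. The following C code is an added example, not gross's source and not part of the advisory: it shows a bounded append for a log line built from untrusted fields. The function names, `LOG_SZ`, the log format and the size-argument mistake described in the comment are assumptions that illustrate the general bug class.

```c
#include <stdio.h>
#include <string.h>

#define LOG_SZ 64  /* constructed size, not taken from gross */

/* Common strncat mistake (kept as a comment, never executed):
 *     strncat(line, field, sizeof(line));
 * The third argument caps the bytes copied from `field`; it is not the size
 * of `line`. Once `line` already holds text, the call can write past its end. */

/* Append src to dst (capacity cap, terminator included).
 * Returns 0 if src fit, 1 if it was truncated, -1 if dst is unterminated. */
static int log_append(char *dst, size_t cap, const char *src)
{
    const char *nul = memchr(dst, '\0', cap);
    if (!nul)
        return -1;
    size_t room = cap - (size_t)(nul - dst) - 1;  /* free bytes before NUL */
    strncat(dst, src, room);        /* writes at most room bytes plus NUL */
    return strlen(src) > room ? 1 : 0;
}

/* Build "from=<sender> to=<rcpt>" from untrusted SMTP parameters.
 * Returns the number of truncated parts, or -1 on error. */
static int build_log_line(char *out, size_t cap,
                          const char *sender, const char *rcpt)
{
    const char *parts[] = { "from=", sender, " to=", rcpt };
    int truncated = 0;
    if (cap == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof(parts) / sizeof(parts[0]); i++) {
        int r = log_append(out, cap, parts[i]);
        if (r < 0)
            return -1;
        truncated += r;
    }
    return truncated;
}

int main(void)
{
    char line[LOG_SZ];
    int t = build_log_line(line, sizeof line, "a@example.org", "b@example.net");
    printf("%d %s\n", t, line);   /* constructed sample addresses */
    return 0;
}
```

A non-zero return value means at least one field was cut short, which is worth recording in the log itself so that oversized SMTP parameters are visible to operators.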