Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SMTP Proxy远程格式串处理漏洞
Vulnerability Description
SMTP Proxy是SMTP代理服务器程序。 SMTP Proxy在处理SMTP头字段时存在格式串问题,远程攻击者可以利用这个漏洞可能以进程权限在系统上执行任意指令。 攻击者发送客户端主机名或message-id包含格式串的消息给SMTP Proxy服务器,在被snprintf()格式化然后发送带syslog()并被解析为格式串时会触发内存破坏问题,精心构建提交数据可能以进程权限在系统上执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A