David Schweikert

**Name of the Vulnerable Software and Affected Versions** Postgrey version 1.18 and earlier Net::Server versions 0.87 and earlier **Description** The issue is related to a format string vulnerability in the log function of Net::Server, which is used in Postgrey. This vulnerability allows remote attackers to cause a denial of service (crash) by sending format string specifiers that are not properly handled before being sent to syslog. For example, this can be demonstrated using sender addresses to Postgrey. The vulnerability can be exploited remotely, potentially leading to a disruption in the availability of protected information. **Recommendations** For Postgrey version 1.18 and earlier, update to a version later than 1.18 to resolve the issue. For Net::Server versions 0.87 and earlier, update to a version later than 0.87 to resolve the issue. As a temporary workaround, consider restricting access to the log function in Net::Server to minimize the risk of exploitation.