Dong-Hun

**Name of the Vulnerable Software and Affected Versions** Greylisting daemon (GLD) versions 1.3 through 1.4 **Description** The issue is related to a format string vulnerability in the ErrorLog function in cnf.c. This vulnerability allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog. **Recommendations** For Greylisting daemon (GLD) versions 1.3 through 1.4, consider disabling the ErrorLog function in cnf.c as a temporary workaround until a patch is available. Restrict access to the syslog to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Greylisting daemon (GLD) versions 1.3 through 1.4 **Description** The issue is related to multiple buffer overflows in the `HandleChild` function in `server.c`, which can be exploited when the daemon is listening on a network interface. This allows remote attackers to execute arbitrary code. **Recommendations** For Greylisting daemon (GLD) versions 1.3 through 1.4, consider disabling the `HandleChild` function in `server.c` as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.