Yuan Tan

**Name of the Vulnerable Software and Affected Versions** NGINX Plus and NGINX Open Source (affected versions not specified) **Description** The software contains a flaw in the `ngx mail smtp module` module related to how it processes Carriage Return Line Feed (CRLF) sequences within DNS responses. An attacker controlling a DNS server could exploit this to inject custom headers into SMTP requests sent upstream, potentially manipulating those requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.