Bizdelnick

**Name of the Vulnerable Software and Affected Versions** gross versions 0.9.3 through 1.x before 1.0.4 **Description** A stack-based buffer overflow vulnerability allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry. **Recommendations** For versions 0.9.3 through 1.x before 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the grossd daemon to minimize the risk of exploitation. Avoid using crafted SMTP transaction parameters that could cause an incorrect strncat for a log entry until the issue is resolved.