Sasa Jusic

**Name of the Vulnerable Software and Affected Versions** Alt-N MDaemon versions 9.0.5 and prior **Description** The issue is related to multiple heap-based buffer overflows in the POP3 server. These overflows can be triggered by remote attackers sending long strings that contain '@' characters in the `USER` and `APOP` commands, potentially leading to a denial of service (daemon crash) and possibly allowing the execution of arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Alt-N MDaemon versions 9.0.5 and prior, update to version 9.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the POP3 server or limiting the length of input strings for the `USER` and `APOP` commands until a patch is applied.