CVE-2009-2356

Name of the Vulnerable Software and Affected Versions NullLogic Groupware version 1.2.7

Description The issue is related to multiple stack-based buffer overflows in the pgsqlQuery function when PostgreSQL is used. This could allow remote attackers to execute arbitrary code via input to the POP3, SMTP, or web component that triggers a long SQL query.

Recommendations For NullLogic Groupware version 1.2.7, consider restricting access to the pgsqlQuery function until a patch is available. As a temporary workaround, avoid using long SQL queries in the POP3, SMTP, or web components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.