PT-2019-14834 · Postfix · Postfix-Mta-Sts-Resolver

Snawoot

Published

2019-07-05

Updated

2020-10-23

CVE-2019-16791

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions postfix-mta-sts-resolver versions prior to 0.5.1

Description The issue affects all users and can cause the daemon to return an incorrect response under rare conditions, leading to a downgrade of the effective STS policy.

Recommendations For versions prior to 0.5.1, update to version 0.5.1 to resolve the issue. As a temporary workaround, users may apply the provided patches to older supported versions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-757

Related Identifiers

CVE-2019-16791

GHSA-H92M-42H4-82F6

PYSEC-2020-174

Affected Products

Postfix-Mta-Sts-Resolver

PT-2019-14834 · Postfix · Postfix-Mta-Sts-Resolver

CVE-2019-16791

Weakness Enumeration

Related Identifiers

Affected Products

References · 11