PT-2019-16027 · Libesmtp+3 · Libesmtp+3

Published

2019-12-26

Updated

2024-06-15

CVE-2019-19977

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libESMTP versions 1.0.0 through 1.0.6

Description The issue arises from the mishandling of domain copying into a fixed-size buffer in the ntlm build type 2 function within ntlm/ntlmstruct.c. This can lead to a stack-based buffer over-read.

Recommendations For libESMTP versions 1.0.0 through 1.0.6, consider updating to a version that addresses this issue, as the current version may pose a risk due to the buffer over-read in the ntlm build type 2 function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2024-5879

AZL-36949

AZL-7260

CVE-2019-19977

MGASA-2021-0503

OPENSUSE-SU-2021:1235-1

OPENSUSE-SU-2021:2937-1

OPENSUSE-SU-2021_1235-1

OPENSUSE-SU-2021_2937-1

OPENSUSE-SU-2024:12594-1

SUSE-SU-2021:14793-1

SUSE-SU-2021:2917-1

SUSE-SU-2021:2937-1

SUSE-SU-2021:2937-2

SUSE-SU-2021_14793-1

SUSE-SU-2021_2917-1

SUSE-SU-2021_2937-1

Affected Products

Alt Linux

Debian

Suse

Libesmtp

PT-2019-16027 · Libesmtp+3 · Libesmtp+3

CVE-2019-19977

Weakness Enumeration

Related Identifiers

Affected Products

References · 29