CVE-2021-35525

Name of the Vulnerable Software and Affected Versions PostSRSd versions prior to 1.11

Description The issue is related to the incorrect handling of certain long data fields by the PostSRSd daemon in Postfix, which can lead to a denial of service (subprocess hang) when Postfix sends specific long data fields, such as multiple concatenated email addresses. The maintainer of PostSRSd acknowledges this as a security bug, although they question the reliability of triggering this condition by an external attacker.

Recommendations For PostSRSd versions prior to 1.11, update to version 1.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of long data fields in Postfix to minimize the risk of exploitation.