CVE-2023-52159

Name of the Vulnerable Software and Affected Versions gross versions 0.9.3 through 1.x before 1.0.4

Description A stack-based buffer overflow vulnerability allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.

Recommendations For versions 0.9.3 through 1.x before 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the grossd daemon to minimize the risk of exploitation. Avoid using crafted SMTP transaction parameters that could cause an incorrect strncat for a log entry until the issue is resolved.