CVE-2019-11395

CRITICAL

MailCarrier 2.51 - RCE

Title source: llm

Description

A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR.

Exploits (3)

nomisec WORKING POC 1 stars
by RedAlien00 · poc
https://github.com/RedAlien00/CVE-2019-11395
nomisec WORKING POC
by RafaelBicas · poc
https://github.com/RafaelBicas/CVE-2019-11395
nomisec WORKING POC
by caioprince · poc
https://github.com/caioprince/CVE-2019-11395

References (10)

Scores

CVSS v3 9.8
EPSS 0.1253
EPSS Percentile 94.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
tabslab/mailcarrier 2.51
Published Apr 22, 2019
Tracked Since Feb 18, 2026