CVE-2021-35525
MEDIUMpostsrsd < 1.11 - Denial of Service via Long Data Fields
Title source: llmDescription
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."
References (4)
Core 4
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/roehling/postsrsd/releases/tag/1.11
Patch, Third Party Advisory x_refsource_misc
https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2
Issue Tracking, Patch, Release Notes, Third Party Advisory x_refsource_misc
https://bugs.gentoo.org/793674
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202107-08
Scores
CVSS v3
5.3
EPSS
0.0162
EPSS Percentile
73.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
Status
published
Products (1)
postsrsd_project/postsrsd
< 1.11
Published
Jun 28, 2021
Tracked Since
Feb 18, 2026