CVE-2023-52159
Published: 18 March 2024
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.
References
- https://codeberg.org/bizdelnick/gross/commit/6403985fc1060e7aacea96e60535e1e7b0f6f193 (master)
- https://codeberg.org/bizdelnick/gross/commit/3f5508cce2c49d216b163eb7b38ea72d5162c76e (1.0.4)
- https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159
- https://www.cve.org/CVERecord?id=CVE-2023-52159
- NVD
- Launchpad
- Debian