Vulnerability Description
In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
CVSS Score
6.9
MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postfix-Mta-Sts-Resolver Project | Postfix-Mta-Sts-Resolver | < 0.5.1 |
Related Weaknesses (CWE)
References
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6bPatchThird Party Advisory
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92PatchThird Party Advisory
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6bPatchThird Party Advisory
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92PatchThird Party Advisory
FAQ
What is CVE-2019-16791?
CVE-2019-16791 is a vulnerability with a CVSS score of 6.9 (MEDIUM). In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
How severe is CVE-2019-16791?
CVE-2019-16791 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16791?
Check the references section above for vendor advisories and patch information. Affected products include: Postfix-Mta-Sts-Resolver Project Postfix-Mta-Sts-Resolver.