Vulnerability Description
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postsrsd Project | Postsrsd | < 1.11 |
References
- https://bugs.gentoo.org/793674Issue TrackingPatchRelease Notes
- https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe2PatchThird Party Advisory
- https://github.com/roehling/postsrsd/releases/tag/1.11Release NotesThird Party Advisory
- https://security.gentoo.org/glsa/202107-08Third Party Advisory
- https://bugs.gentoo.org/793674Issue TrackingPatchRelease Notes
- https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe2PatchThird Party Advisory
- https://github.com/roehling/postsrsd/releases/tag/1.11Release NotesThird Party Advisory
- https://security.gentoo.org/glsa/202107-08Third Party Advisory
FAQ
What is CVE-2021-35525?
CVE-2021-35525 is a vulnerability with a CVSS score of 5.3 (MEDIUM). PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "t...
How severe is CVE-2021-35525?
CVE-2021-35525 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35525?
Check the references section above for vendor advisories and patch information. Affected products include: Postsrsd Project Postsrsd.