http://bugzilla.opensuse.org/show_bug.cgi?id=1187820 Bug ID: 1187820 Summary: VUL-0: CVE-2021-35525: postsrsd: Denial of service (subprocess hang) if Postfix sends certain long data fields Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/303128/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- rh#1977067 PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless." References: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474... https://bugs.gentoo.org/793674 https://github.com/roehling/postsrsd/releases/tag/1.11 References: https://bugzilla.redhat.com/show_bug.cgi?id=1977067 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35525 https://github.com/roehling/postsrsd/releases/tag/1.11 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35525 https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474... https://bugs.gentoo.org/793674 -- You are receiving this mail because: You are on the CC list for the bug.