vendor:
Sendmail
by:
Unknown
7.5
CVSS
HIGH
Heap-based Buffer Overflow
122
CWE
Product Name: Sendmail
Affected Version From: Versions prior to Sendmail 8.13.2
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2004-2761
CPE: a:sendmail:sendmail
Platforms Tested:
2004
Sendmail Heap-based Buffer Overflow Vulnerability
Sendmail is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. Successfully exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.
Mitigation:
Update to Sendmail version 8.13.2 or later.