CVE-2005-1513
high-risk
Published 2005-05-11
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
Do I need to act?
~
9.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (5)
Affected Vendors
References (36)
Third Party Advisory
http://packetstormsecurity.com/files/158203/Qmail-Local-Privilege-Escalation-Rem...
Mailing List
http://seclists.org/fulldisclosure/2020/Jun/27
Broken Link
http://securitytracker.com/id?1013911
Third Party Advisory
https://security.gentoo.org/glsa/202007-01
Third Party Advisory
https://usn.ubuntu.com/4556-1/
Mailing List
https://www.debian.org/security/2020/dsa-4692
and 16 more references
55
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
11/34 · Low
Exposure
12/34 · Low