Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.51421
Percentile: 0.97759

CVSS Scoring

Mapped CWE(s)

• CWE-120 : Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
• cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
• cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp:alphaserver_sc:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
• cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
• cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
• cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
• cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
• cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
• cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
• cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
• cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
• cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
• cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
• cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
• cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
• cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*
• cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*
• cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
• cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
• cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
• cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
• cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
• cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*
• cpe:2.3:o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*
• cpe:2.3:o:windriver:bsdos:5.0:*:*:*:*:*:*:*
• cpe:2.3:o:windriver:platform_sa:1.0:*:*:*:*:*:*:*

← Back to Home