mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.
2000-04-23T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | eric_allman | sendmail | 5.58 | Yes |
| Application | eric_allman | sendmail | 5.59 | Yes |
| Application | eric_allman | sendmail | 8.6.x | Yes |
| Application | eric_allman | sendmail | 8.7.1 | Yes |
| Application | eric_allman | sendmail | 8.7.2 | Yes |
| Application | eric_allman | sendmail | 8.7.3 | Yes |
| Application | eric_allman | sendmail | 8.7.4 | Yes |
| Application | eric_allman | sendmail | 8.7.5 | Yes |
| Application | eric_allman | sendmail | 8.7.6 | Yes |
| Application | eric_allman | sendmail | 8.7.x | Yes |
| Application | eric_allman | sendmail | 8.8 | Yes |
| Application | eric_allman | sendmail | 8.8.1 | Yes |
| Application | eric_allman | sendmail | 8.8.2 | Yes |
| Application | eric_allman | sendmail | 8.8.3 | Yes |
| Application | eric_allman | sendmail | 8.8.4 | Yes |
| Application | eric_allman | sendmail | 8.8.5 | Yes |
| Application | eric_allman | sendmail | 8.8.x | Yes |
| Application | eric_allman | sendmail | 8.9.1 | Yes |
| Application | eric_allman | sendmail | 8.9.3 | Yes |