CVE-2019-16791

Medium

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade…

GitHub_M·CWE-757·Published 2019-07-05

CVSS

5.9

EPSS

0.01

KEV

Exploits

cve.orgen

162 chars

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.

NVDen

162 chars

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.

OSV.deven

162 chars

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.

GHSAen

712 chars

## Incorrect query parsing ### Impact All users of versions prior to 0.5.1 can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy. ### Patches Problem has been patched in version 0.5.1 ### Workarounds Users may remediate this vulnerability without upgrading by applying [these patches](https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b) to older suppoorted versions. ### For more information If you have any questions or comments about this advisory: * Open an issue in [postfix-mta-sts-resolver repo](https://github.com/Snawoot/postfix-mta-sts-resolver) * Email me at [vladislav at vm-0 dot com](mailto:vladislav-ex-gh-advisory@vm-0.com)

NVDes

213 chars

En postfix-mta-sts-resolver versiones anteriores a 0.5.1, todos los usuarios pueden recibir una respuesta incorrecta del demonio bajo condiciones extrañas, renderizando una degradación de la política STS efectiva.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
3.1	Primary	cve.org	6.9	—	—	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
3.1	Primary	cve.org	6.9	—	—	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
3.1	Primary	NVD	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	6.9	—	—	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
3.1	Secondary	NVD	6.9	0.6	5.8	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
4.0	Secondary	GHSA	8.7	—	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Version

Type

Source

Base

Exp

Impact

Vector

2.0

Primary

NVD

4.3

8.6

2.9

AV:N/AC:M/Au:N/C:N/I:N/A:P

3.1

Primary

cve.org

6.9

—

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

3.1

Primary

cve.org

6.9

—

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

3.1

Primary

NVD

5.9

2.2

3.6

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

3.1

Secondary

GHSA

6.9

—

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

3.1

Secondary

NVD

6.9

0.6

5.8

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

4.0

Secondary

GHSA

8.7

—

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N