Pan 0.13.3 and previous versions allows remote malicious users to cause a denial of service (crash) via a news post with a long author email address.
charles kerr pan
Vulmon