Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and previous versions allows remote malicious users to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qwikmail qwikmail smtp 0.3 |