GHSA-h92m-42h4-82f6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h92m-42h4-82f6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-h92m-42h4-82f6/GHSA-h92m-42h4-82f6.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-h92m-42h4-82f6
- Aliases
- Related
- Published
- 2019-07-05T21:06:58Z
- Modified
- 2024-10-21T20:22:08.702308Z
- Severity
-
- 6.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
- Summary
- postfix-mta-sts-resolver Algorithm Downgrade vulnerability
- Details
-
Incorrect query parsing
Impact
All users of versions prior to 0.5.1 can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
Patches
Problem has been patched in version 0.5.1
Workarounds
Users may remediate this vulnerability without upgrading by applying these patches to older suppoorted versions.
For more information
If you have any questions or comments about this advisory: * Open an issue in postfix-mta-sts-resolver repo * Email me at vladislav at vm-0 dot com
- Database specific
{ "github_reviewed": true, "nvd_published_at": null, "severity": "HIGH", "cwe_ids": [ "CWE-757" ], "github_reviewed_at": "2020-06-16T21:39:43Z" }- References
-
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
- https://nvd.nist.gov/vuln/detail/CVE-2019-16791
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b
- https://github.com/Snawoot/postfix-mta-sts-resolver
- https://github.com/pypa/advisory-database/tree/main/vulns/postfix-mta-sts-resolver/PYSEC-2020-174.yaml
Affected packages
PyPI / postfix-mta-sts-resolver
Package
- Name
- postfix-mta-sts-resolver
- View open source insights on deps.dev
- Purl
- pkg:pypi/postfix-mta-sts-resolver