CVE-2003-0540
EPSS 57.5%
Description
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
How to fix CVE-2003-0540
To remediate CVE-2003-0540, upgrade the affected package to a fixed version below.
- Debian/postfix—upgrade to 1.1.12 or later
Is CVE-2003-0540 being exploited?
Likely — EPSS is 57.5%, placing CVE-2003-0540 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 1.1.12