CVE-2006-1173
sendmail - programming error
EPSS 21.5%
Description
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
How to fix CVE-2006-1173
To remediate CVE-2006-1173, upgrade the affected package to one of the fixed versions listed below.
- Debian/sendmail—upgrade to 8.13.7-1 or later
- Debian/sendmail—upgrade to 8.13.4-3sarge2 or later
Is CVE-2006-1173 being exploited?
Moderate: EPSS is 21.5%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/sendmail: from 0, < 8.13.7-1
- Debian/sendmail: from 0, < 8.13.4-3sarge2