AVG-2086 log
| Package | libesmtp |
| Status | Not affected |
| Severity | High |
| Type | arbitrary code execution |
| Affected | 1.0.6-7 |
| Fixed | 1.1.0-1 |
| Current | 1.1.0-2 [extra] |
| Ticket | FS#71292 |
| Created | Sat Jun 19 07:23:37 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-19977 | High | Yes | Arbitrary code execution | libESMTP before version 1.1.0 mishandles domain copying into a fixed- size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c. During NTLM authentication, a... |
| References |
|---|
https://github.com/libesmtp/libESMTP/blob/3d36c4125a7fe5bd770929761dfb9269defb1f5b/configure.ac#L390 |
| Notes |
|---|
The libesmtp 1.0.6-7 Arch Linux package was built without the --enable-ntlm configuration option, so the vulnerable NTLM authentication support was not enabled. |