CVE-2019-19977 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	libESMTP before version 1.1.0 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c. During NTLM authentication, a sufficiently long domain, workstation or user name would overwrite the stack. Furthermore, nt_unicode() is called with an incorrect length argument, potentially causing it to read uninitialised memory or possibly a SIGSEGV or SIGBUS under the same circumstances.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2086	libesmtp	1.0.6-7	1.1.0-1	High	Not affected	FS#71292

References
https://github.com/libesmtp/libESMTP/issues/6 https://github.com/libesmtp/libESMTP/commit/8c85278d28ff4da32106714a1420371fe37ef349