
Security Advisory

CVE-2020-7845 | Jiransecurity Spamsniper Stack-based Buffer Overflow Vulnerability
2020.12.22
□ Overview
 o Jiransecurity released a security update to address a stack-based buffer overflow vulnerability in Spamsniper.
Vulnerability Type | Impact | Severity | CVSS | CVE ID
Buffer overflow | Code execution | High | 8.1 | CVE-2020-7845
 
□ Description
 o Spamsniper contains a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing the MAIL FROM command. It allows a remote attacker to execute arbitrary code via a crafted packet.
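
One way to write the kind of boundary check the description refers to, as an added example (not Spamsniper's code, which this advisory does not show): a C parser that validates the MAIL FROM reverse-path length before copying it into a fixed buffer. The function name, error codes and the 256-octet path limit (taken from RFC 5321 section 4.5.3.1.3) are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SMTP_MAX_PATH 256  /* RFC 5321 4.5.3.1.3: path limit, "<" and ">" included */

enum { MF_OK = 0, MF_SYNTAX = -1, MF_TOO_LONG = -2 };  /* hypothetical codes */

/* Extract the reverse-path from a "MAIL FROM:<...>" line of line_len bytes
 * (the input need not be NUL-terminated) into out[out_size].
 * Every length is validated before a single byte is copied. */
int parse_mail_from(const char *line, size_t line_len, char *out, size_t out_size)
{
    static const char verb[] = "MAIL FROM:";
    const size_t verb_len = sizeof verb - 1;

    if (line == NULL || out == NULL || out_size == 0)
        return MF_SYNTAX;
    out[0] = '\0';                      /* never leave stale data on failure */
    if (line_len < verb_len + 2)        /* shortest valid form is "MAIL FROM:<>" */
        return MF_SYNTAX;
    for (size_t i = 0; i < verb_len; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return MF_SYNTAX;

    const char *p = line + verb_len;
    if (*p != '<')
        return MF_SYNTAX;
    const char *rangle = memchr(p, '>', line_len - verb_len);  /* bounded search */
    if (rangle == NULL)
        return MF_SYNTAX;               /* unterminated path */

    size_t path_len = (size_t)(rangle - p) + 1;  /* includes '<' and '>' */
    size_t addr_len = path_len - 2;
    if (path_len > SMTP_MAX_PATH || addr_len >= out_size)
        return MF_TOO_LONG;             /* reject instead of truncating or overflowing */
    if (memchr(p, '\0', path_len) != NULL)
        return MF_SYNTAX;               /* embedded NUL would hide data from str* users */

    memcpy(out, p + 1, addr_len);
    out[addr_len] = '\0';
    return MF_OK;
}
```

The parser stops at the first '>' and ignores any MAIL parameters after it, which keeps the example short; the length checks hold regardless of what follows.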

□ Affected Products
Product | Version
Spamsniper | 5.0.2 ~ 5.7.5
 
□ Solution
 o Update the software to version 5.7.6 or later, or apply the latest patch (revision 5500)

□ Acknowledgements
 o KrCERT/CC Vulnerability Analysis Team Researcher Honggi Kim, Hyunsoo Gil, Jeesoo Jurn


□ Written by: Vulnerability Analysis Team, Incident Analysis Division