VDB
CVE-2005-1127
CVE-2005-1127
PUBLISHED
CVSS 5 MEDIUM
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
EPSS 5.75% · 90.6th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
5.75%
90.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| postgrey | postgrey | 0, 1.17, 1.18 |
| n/a | n/a | n/a |
Timeline
- Apr 16, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 1, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- GLSA-200608-18 vendor-advisory
- DSA-1122 vendor-advisory
- 21452 third-party-advisory
- [postgrey] 20050414 Re: Problem with crashing postgrey mailing-list
- 15517 vdb
- 21164 third-party-advisory
- 20050415 Use of function "log" in Perl module Net::Server mailing-list
- 21152 third-party-advisory
- [postgrey] 20050414 Problem with crashing postgrey mailing-list
- 21149 third-party-advisory
- [postgrey] 20050414 ANNOUNCE: Postgrey 1.21 (SECURITY) mailing-list
- postgrey-logging-dos(20108) vdb
- DSA-1121 vendor-advisory
- 14958 third-party-advisory
- MDKSA-2006:131 vendor-advisory
- 13193 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2005-1127 advisory