Vulnerability Details CVE-2019-16791
In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 6.9
CVSS v2 Score 4.3
References
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
Products affected by CVE-2019-16791
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.1
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.2
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.3
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.4
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.5
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.0
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.2
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.3
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.4
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.5
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.7
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.8
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.9
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.3.0
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.0
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.1
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.2
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.3
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.4
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.5
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.5.0