Vulnerability Details CVE-2019-16791
In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 47.1%
CVSS Severity
CVSS v3 Score 6.9
CVSS v2 Score 4.3
References
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
- https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b
- https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
Products affected by CVE-2019-16791
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.1
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.2
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.3
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.4
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.1.5
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.0
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.2
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.3
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.4
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.5
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.7
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.8
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.2.9
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.3.0
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.0
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.1
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.2
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.3
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.4
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.4.5
-
cpe:2.3:a:postfix-mta-sts-resolver_project:postfix-mta-sts-resolver:0.5.0