SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability

SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability

SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts likely result in denial-of-service conditions.

SurgeMail 38k is vulnerable; other versions may also be affected.