SurgeMail IMAP LSUB Command Remote Stack Buffer Overflow Vulnerability

SurgeMail IMAP LSUB Command Remote Stack Buffer Overflow Vulnerability

SurgeMail is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

SurgeMail 3.8k4 is vulnerable; other versions may also be affected.