SurgeMail Remote Format String Vulnerability

SurgeMail Remote Format String Vulnerability

SurgeMail is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.

This issue affects SurgeMail for Linux 3.7b8; prior versions may also be vulnerable.