Description
Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached.
Product(s):
- Clearswift MailSweeper 4.0
- Clearswift MailSweeper 4.1
- Clearswift MailSweeper 4.2
- Clearswift MailSweeper 4.3.10
- Clearswift MailSweeper 4.3.11
- Clearswift MailSweeper 4.3.13
- Clearswift MailSweeper 4.3.3
- Clearswift MailSweeper 4.3.4
- Clearswift MailSweeper 4.3.5
- Clearswift MailSweeper 4.3.6
- Clearswift MailSweeper 4.3.6 SP1
- Clearswift MailSweeper 4.3.7
- Clearswift MailSweeper 4.3.8
- Clearswift MailSweeper 4.3
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2328, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2328 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.