Postfix Security: CVE-2026-43964 may cause process crashes
Posted: Tue May 05, 2026 7:07 am
A newly assigned CVE affects Postfix before 3.8.16, 3.9.10 and 3.10.9. The issue is a buffer over-read in the handling of enhanced status codes.
A current Postfix security issue has been assigned CVE-2026-43964.

The vulnerability affects Postfix when an enhanced status code is not followed by additional text. An example would be a response like:

    5.7.2

without any text after the three-number status code.

According to the public discussion, this problem cannot be triggered by a normal SMTP or LMTP server response. However, it has been confirmed in connection with access(5) tables and DNSBL TXT responses when Postfix is configured with variables such as:

    $rbl_code $rbl_text

in rbl_reply_maps or default_rbl_reply.

Affected versions:
- Postfix before 3.8.16
- Postfix 3.9 before 3.9.10
- Postfix 3.10 before 3.10.9

Fixed versions:
- Postfix 3.8.16
- Postfix 3.9.10
- Postfix 3.10.9

The issue is a buffer over-read. In practice, this ca…
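The following audit script is an added example, not code from the post or from the Postfix project. It checks a Postfix version string against the fixed releases named above, detects the reply shape the post describes (an enhanced status code such as 5.7.2 with nothing after it), renders a simplified $rbl_code/$rbl_text template so an administrator can see what a given DNSBL TXT value would turn into, and flags access(5) entries whose reply text would be bare. The function names, the sample access table and the TXT values are constructed assumptions; the template expansion handles only $rbl_code and $rbl_text, not Postfix's full ${name?text} syntax, and branches newer than 3.10 are reported as unknown because the post does not cover them.

```python
"""Audit helpers for CVE-2026-43964 (added example, not Postfix code)."""
import re
from typing import List, Optional, Tuple

# Fixed releases as stated in the post: 3.8.16, 3.9.10, 3.10.9.
FIXED = {(3, 8): (3, 8, 16), (3, 9): (3, 9, 10), (3, 10): (3, 10, 9)}

# RFC 3463 enhanced status code: class.subject.detail with class 2, 4 or 5.
ENHANCED = r"[245]\.\d{1,3}\.\d{1,3}"
# Optional three-digit SMTP reply code, then the enhanced code, then the rest.
REPLY = re.compile(r"^\s*(?:[245]\d\d\s+)?(" + ENHANCED + r")(.*)$", re.S)

# Constructed access(5) sample (hypothetical keys, not real configuration).
SAMPLE_ACCESS = [
    "# constructed sample table",
    "example.test   REJECT 5.7.2",              # bare: status code only
    "other.test     REJECT 5.7.2 Not allowed",  # fine: text follows
    "ok.test        OK",
    "bad.test       550 5.7.1",                 # bare: reply code + status only
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn e.g. 'mail_version = 3.9.9' (postconf output) into (3, 9, 9)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Postfix version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_affected(text: str) -> Optional[bool]:
    """True for versions the post lists as affected, False for a fixed
    release (or later on a fixed branch), None for branches the post does
    not mention (3.11 and newer)."""
    v = parse_version(text)
    if v < (3, 8, 16):
        return True  # "Postfix before 3.8.16", which also covers older branches
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return None  # assumption: status of newer branches is not on the page
    return v < fixed


def bare_enhanced_status(reply: str) -> bool:
    """True when the reply is an enhanced status code with no text after it,
    the shape the post describes ('5.7.2' or '550 5.7.2')."""
    m = REPLY.match(reply)
    return bool(m) and m.group(2).strip() == ""


def render_rbl_reply(template: str, rbl_code: str, rbl_text: str) -> str:
    """Expand $rbl_code and $rbl_text only; a deliberate subset of Postfix's
    rbl_reply_maps expansion, enough to preview a DNSBL TXT value's effect."""
    return template.replace("$rbl_code", rbl_code).replace("$rbl_text", rbl_text)


def audit_access_table(lines: List[str]) -> List[str]:
    """Return the keys of access(5) entries whose reply text would be a bare
    enhanced status code. Entries are 'key<whitespace>action [text]'."""
    flagged = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, action = parts
        # Strip a leading result verb; longer verbs first so DEFER_IF_* match.
        for verb in ("DEFER_IF_PERMIT", "DEFER_IF_REJECT", "REJECT", "DEFER"):
            if action.startswith(verb):
                action = action[len(verb):]
                break
        if bare_enhanced_status(action):
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    # Constructed inputs for a quick local run.
    print("3.9.9 affected:", version_affected("mail_version = 3.9.9"))
    print("TXT '5.7.2' via '$rbl_code $rbl_text' ->",
          repr(render_rbl_reply("$rbl_code $rbl_text", "550", "5.7.2")))
    print("flagged access entries:", audit_access_table(SAMPLE_ACCESS))
```

The mitigating pattern the checks point at is to upgrade to a fixed release and, until then, to make sure every rbl reply template carries literal text of its own rather than relying solely on $rbl_text, since the TXT value is supplied by the DNSBL operator and may be nothing more than a status code.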