This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
DrWhax reports :
So in codeconv.c there is a function for Japanese character set
conversion called conv_jistoeuc(). There is no bounds checking on the
output buffer, which is created on the stack with alloca() Bug can be
triggered by sending an email to [email protected] or whatever.
Since my C is completely rusty, you might be able to make a better
judgment on the severity of this issue. Marking critical for now.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5