FreeBSD : mailpit -- multiple vulnerabilities (7a56b0f7-7b62-11f1-8a70-10ffe07f9334)

high Nessus Plugin ID 325981

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7a56b0f7-7b62-11f1-8a70-10ffe07f9334 advisory.

Mailpit author reports:
Mailpit's SMTP server reads each command line with an unbounded bufio.Reader.ReadString('\n') before parsing the command or enforcing any protocol length limit. A remote SMTP client can send an oversized single command line and force Mailpit to allocate attacker-controlled memory before the server returns a syntax error or times out, even though RFC 5321 limits SMTP command lines to 512 octets including CRLF.
Mailpit's thumbnail endpoint decodes attacker-supplied image attachments into a full raster before checking any decoded-pixel, dimension, or memory budget. A remote client that can store an email and reach the default web API can supply a compact high-dimension image, then request /api/v1/message/{id}/part/{partID}/thumb to force server-side memory and CPU work far larger than the encoded attachment size before Mailpit returns a 180x120 thumbnail.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?131ecbdd

http://www.nessus.org/u?49523193

http://www.nessus.org/u?fce9c4e3

Plugin Details

Severity: High

ID: 325981

File Name: freebsd_pkg_7a56b0f77b6211f18a7010ffe07f9334.nasl

Version: 1.1

Type: Local

Published: 7/9/2026

Updated: 7/9/2026

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mailpit, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2026

Vulnerability Publication Date: 7/9/2026