{"id":"CVE-2019-19977","details":"libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.","modified":"2026-04-16T04:38:23.220278115Z","published":"2019-12-26T01:15:10.973Z","related":["SUSE-SU-2021:14793-1","SUSE-SU-2021:2917-1","SUSE-SU-2021:2937-1","SUSE-SU-2021:2937-2","openSUSE-SU-2021:1235-1","openSUSE-SU-2021:2937-1","openSUSE-SU-2024:12594-1"],"references":[{"type":"WEB","url":"https://web.archive.org/web/20190528215510/http://brianstafford.info/libesmtp/"},{"type":"FIX","url":"https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md"},{"type":"EVIDENCE","url":"https://github.com/jbouse-debian/libesmtp/blob/ca5bd0800ef1da234315da4c59716568eb5e6402/ntlm/ntlmstruct.c#L228-L242"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jbouse-debian/libesmtp","events":[{"introduced":"0"},{"last_affected":"ca5bd0800ef1da234315da4c59716568eb5e6402"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.6"}]}}],"versions":["upstream/1.0.4","upstream/1.0.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19977.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}