Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2417

Description

Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message.

Affected products

Smtp.proxy/SMTP.proxy
cpe:2.3:a:smtp.proxy:smtp.proxy:1.1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2004-06/0267.htmlnvdPatchVendor Advisory
secunia.com/advisories/11823nvdVendor Advisory
www.osvdb.org/6838nvd
www.securityfocus.com/bid/10509nvd
exchange.xforce.ibmcloud.com/vulnerabilities/16378nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000