Security vulnerabilities and automated fixes for vms issues
1 post found
A critical buffer overflow vulnerability was discovered and patched in `sys/vms/vmsmail.c`, where eight unchecked calls to `strcpy()` and `strcat()` allowed externally-sourced mail message content to overflow fixed-size buffers. An attacker capable of sending a crafted VMS mail message could overwrite stack return addresses, potentially achieving arbitrary code execution. The fix replaces all dangerous string operations with bounds-checked `snprintf()` calls, eliminating the overflow risk entire