Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
MailCarrier 2.51 allows remote code execution via oversized POP3 command
CVE-2019-25364
Summary
A security flaw in MailCarrier 2.51 makes it possible for an attacker to send a malicious command that can take control of your server. This can happen if an attacker sends a specially crafted message to the MailCarrier POP3 server. To protect your server, update MailCarrier to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tabslab | mailcarrier | 2.51 | – |
Original title
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 ...
Original description
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-121
Stack-based Buffer Overflow
- https://www.exploit-db.com/exploits/47554 Exploit Third Party Advisory
- https://www.tabslab.com/ Product
- https://www.vulncheck.com/advisories/win-mailcarrier-pop-user-remote-buffer-over... Broken Link
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026