CVE-2019-19977: libesmtp: Stack-based buffer over-read in ntlm_build_type_2() in ntlm/ntlmstruct.c

Severity: Critical

CVSS Score: 9.8

libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.