Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.
Remote / Network Access, Local / Remote, Loss of Confidentiality, Loss of Integrity
HashCash contains a flaw that may allow a malicious user to execute arbitrary code. The issue is a format string error in the way HashCash handles the "From:" email header. The flaw may allow remote system access, resulting in a loss of confidentiality, integrity, and/or availability.
Upgrade to version 1.17 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
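The bug class described above, as an added example that is not Hashcash source code: the helper `format_from_header`, its buffer sizes and the sample addresses are all hypothetical. It shows the unsafe pattern in a comment and the corrected form, in which the untrusted address is passed only as an argument to a constant format.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not taken from Hashcash).
 * Writes "From: <addr>\n" into out.
 * Returns the header length, or -1 if an argument is invalid or the
 * header does not fit in the buffer. */
int format_from_header(char *out, size_t outlen, const char *addr)
{
    if (out == NULL || addr == NULL || outlen == 0)
        return -1;

    /* Vulnerable pattern (do not use): the untrusted address IS the
     * format string, so conversion specifiers inside it are interpreted
     * instead of printed:
     *     snprintf(out, outlen, addr);
     */

    /* Corrected pattern: constant format, untrusted data as an argument. */
    int n = snprintf(out, outlen, "From: %s\n", addr);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';            /* never hand back a truncated header */
        return -1;
    }
    return n;
}

int main(void)
{
    /* Constructed sample inputs: one ordinary address, one containing
     * conversion specifiers that must come out as literal text. */
    const char *samples[] = { "alice@example.org", "%x%x%s@example.org" };
    char buf[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_from_header(buf, sizeof buf, samples[i]) > 0)
            fputs(buf, stdout);   /* fputs takes no format string */
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags the commented-out pattern at compile time.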