Denial-of-Service via specially crafted message (OOM crash)

Low
foxcpp published GHSA-8jp9-qm2r-p877 May 14, 2020

Package

No package listed

Affected versions

< 0.2.1

Patched versions

0.2.1

Description

Impact

go-imap-sql (imapsql module) re-encodes message contents into UTF-8 to implement the collations and lookup operations needed for IMAP. There is a known issue in the implementation of the hz-gb-2312 encoding used by go-imap-sql, which may lead to denial of service via an out-of-memory crash. It can be triggered easily by sending a message to any local recipient.

Patches

Commit 3a93fc6 (cherry-picked to the 0.2-fixes branch as 8edcd91) temporarily disables support for the encoding with the buggy implementation.

Workarounds

Use any filtering mechanism to reject messages that use the hz-gb-2312 charset before they are handled by go-imap-sql.
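One way to implement the filter this workaround describes (an added example, not code from go-imap-sql or the advisory): it rejects a message when any header encoded-word or MIME part declares the hz-gb-2312 charset. The names `ShouldReject` and `scan`, the nesting cap of 8, and the choice to reject unparsable messages are assumptions of this example.

```go
package main

import (
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"net/textproto"
	"strings"
)

const blockedCharset = "hz-gb-2312" // charset named in the advisory
const maxDepth = 8                  // assumed MIME nesting cap

// ShouldReject reports whether the message declares the blocked charset.
// Policy assumption: unparsable or over-deep messages are rejected too.
func ShouldReject(r io.Reader) bool {
	m, err := mail.ReadMessage(r)
	return err != nil || scan(textproto.MIMEHeader(m.Header), m.Body, 0)
}

func scan(h textproto.MIMEHeader, body io.Reader, depth int) bool {
	for _, vals := range h { // RFC 2047 encoded-words in any header field
		if strings.Contains(strings.ToLower(strings.Join(vals, "\n")), "=?"+blockedCharset) {
			return true
		}
	}
	ct := h.Get("Content-Type")
	mt, params, err := mime.ParseMediaType(ct)
	if err != nil { // absent or malformed: fall back to a raw substring match
		return strings.Contains(strings.ToLower(ct), blockedCharset)
	}
	if strings.EqualFold(params["charset"], blockedCharset) || depth >= maxDepth {
		return true
	}
	if !strings.HasPrefix(mt, "multipart/") {
		return false
	}
	mr := multipart.NewReader(body, params["boundary"])
	p, err := mr.NextPart()
	for ; err == nil; p, err = mr.NextPart() {
		if scan(p.Header, p, depth+1) {
			return true
		}
	}
	return err != io.EOF // broken multipart structure fails closed
}

func main() {} // stub: call ShouldReject from the delivery-time filter hook
```

Parts of type message/rfc822 are not parsed as nested messages here, so an attached message would need the same check applied to it separately.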

References

emersion/go-message#95
golang/go#35118

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs