🟡 Medium  |  Source: Microsoft Security Response Center


A buffer over-read in the Postfix mail transfer agent (3.8.x before 3.8.16, 3.9.x before 3.9.10 and 3.10.x before 3.10.9) can crash the affected process when it parses a malformed enhanced status code (the RFC 3463 `class.subject.detail` triplet, for example `2.1.5`) that ends immediately after the third numeric field, with no trailing text. The advisory says the crash happens "sometimes", so it is not deterministic on every malformed code, but any system running a vulnerable Postfix is exposed, including Azure-hosted VMs, container workloads and custom relay tiers. Nothing in the advisory indicates remote code execution. Because enhanced status codes are carried in SMTP replies, an attacker who controls, or can interpose on, a remote mail server that a vulnerable Postfix connects to can deliver the crafted response and disrupt mail delivery.
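To make the bug class concrete, the following is an added C illustration written for this page; it is not Postfix's own enhanced-status-code parser and does not reproduce the actual Postfix fix. It scans a length-bounded reply fragment (modelling a reply line that is not NUL-terminated) and shows a naive scanner that probes the byte after the third numeric field without checking that the byte exists, beside a hardened scanner that treats end of buffer as a valid terminator. All reply strings are constructed for the example; the `peek()` accessor is an assumed instrumentation shim that records an out-of-bounds access instead of performing a real wild read.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustration only (not Postfix code). An RFC 3463 enhanced status code is
 * class "." subject "." detail: class is a single digit 2, 4 or 5; subject and
 * detail are 1-3 digits each. In an SMTP reply it is normally followed by a
 * space and human-readable text, e.g. "250 2.1.5 Recipient OK".
 * Every byte access goes through peek() so an over-read is observable rather
 * than undefined behaviour.
 */
struct reader {
    const char *buf;
    size_t len;
    int overread;            /* set if a scanner touches buf[len] or beyond */
};

/* Assumed shim: returns the byte at i, or flags the access if i is past len. */
static int peek(struct reader *r, size_t i)
{
    if (i >= r->len) {
        r->overread = 1;     /* in real code this is the wild read */
        return '\0';         /* pretend the byte past the end happened to be NUL */
    }
    return (unsigned char) r->buf[i];
}

/* Consume up to max digits at *pos; returns how many were consumed. */
static size_t scan_digits(struct reader *r, size_t *pos, size_t max)
{
    size_t n = 0;
    while (n < max && *pos < r->len && isdigit(peek(r, *pos))) {
        (*pos)++;
        n++;
    }
    return n;
}

/* Shared, fully bounds-checked part: class "." subject "." detail.
 * Returns the offset just past the detail digits, or 0 if the shape is wrong. */
static size_t scan_code_body(struct reader *r)
{
    size_t pos;
    int c = r->len > 0 ? peek(r, 0) : '\0';
    if (c != '2' && c != '4' && c != '5')
        return 0;
    pos = 1;
    if (pos >= r->len || peek(r, pos) != '.')
        return 0;
    pos++;
    if (scan_digits(r, &pos, 3) == 0)
        return 0;
    if (pos >= r->len || peek(r, pos) != '.')
        return 0;
    pos++;
    if (scan_digits(r, &pos, 3) == 0)
        return 0;
    return pos;
}

/* Vulnerable shape: assumes the reply continues after the detail digits and
 * inspects the next byte without checking that it lies inside the buffer.
 * Returns the code length (0 = not a valid code); overread may be NULL. */
size_t naive_scan_code(const char *buf, size_t len, int *overread)
{
    struct reader r = { buf, len, 0 };
    size_t end = scan_code_body(&r);
    size_t result = 0;
    if (end != 0 && peek(&r, end) == ' ')    /* reads buf[len] when end == len */
        result = end;
    if (overread)
        *overread = r.overread;
    return result;
}

/* Hardened shape: end of buffer is an acceptable terminator, so the next
 * byte is only examined when there is one. */
size_t safe_scan_code(const char *buf, size_t len, int *overread)
{
    struct reader r = { buf, len, 0 };
    size_t end = scan_code_body(&r);
    size_t result = 0;
    if (end != 0 && (end == len || peek(&r, end) == ' '))
        result = end;
    if (overread)
        *overread = r.overread;
    return result;
}

/* Convenience wrappers that expose only the over-read flag. */
int naive_overread(const char *buf, size_t len)
{
    int ov = 0;
    naive_scan_code(buf, len, &ov);
    return ov;
}

int safe_overread(const char *buf, size_t len)
{
    int ov = 0;
    safe_scan_code(buf, len, &ov);
    return ov;
}

int main(void)
{
    /* Constructed reply fragments (code portion only), not captured traffic. */
    const char good[] = "2.1.5 Recipient OK";
    const char truncated[] = "4.7.1";          /* nothing after the third number */
    int ov;
    size_t n;

    n = naive_scan_code(good, strlen(good), &ov);
    printf("naive  well-formed: len=%zu overread=%d\n", n, ov);
    n = naive_scan_code(truncated, strlen(truncated), &ov);
    printf("naive  truncated:   len=%zu overread=%d\n", n, ov);
    n = safe_scan_code(truncated, strlen(truncated), &ov);
    printf("safe   truncated:   len=%zu overread=%d\n", n, ov);
    return 0;
}
```

The difference between the two scanners is a single condition: the hardened version asks "is there a next byte?" before asking "is the next byte a space?". In a real daemon the naive probe lands on whatever follows the reply buffer, which is why the advisory can only say the crash happens "sometimes": it depends on what that memory contains and whether the page is mapped.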

Architect’s Take: Inventory every Azure VM, container image and custom relay tier that ships Postfix (`postconf mail_version` reports the running version) and patch to 3.8.16, 3.9.10 or 3.10.9, whichever matches the installed branch. Where Postfix forms a managed email gateway or relay tier, prioritise that patching. For interim controls, note that the malformed code arrives in a reply from a server Postfix connects to, so filtering inbound SMTP does not help; constraining which remote servers a vulnerable Postfix talks to (for example, routing outbound mail through a trusted, already patched smarthost) does. Until patched, treat repeated abnormal exits of Postfix delivery processes in the mail log as a possible sign that a peer is sending malformed status codes rather than as routine noise.

Original advisory: CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.