Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.