mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.