Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
Simon Kelley reports:
[In configurations where the forwarding server address contains an @
character for specifying a sending interface or source address, the]
random source port behavior was disabled, making cache poisoning
This only affects configurations of the form server=18.104.22.168@em0 or
email@example.com, i. e. those that specify an interface to
send through, or an IP address to send from, or use together with