Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensmtpd
(Opensmtpd)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-25 | CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | Ubuntu_linux, Fedora, Opensmtpd | 4.7 | ||
| 2020-02-25 | CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. | Ubuntu_linux, Debian_linux, Fedora, Opensmtpd | 9.8 | ||
| 2020-12-24 | CVE-2020-35679 | smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. | Fedora, Opensmtpd | 7.5 | ||
| 2020-12-24 | CVE-2020-35680 | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. | Fedora, Opensmtpd | 7.5 | ||
| 2023-04-04 | CVE-2023-29323 | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. | Openbsd, Opensmtpd | 7.8 |