Search criteria
18 vulnerabilities found for opensmtpd by opensmtpd
CVE-2025-62875 (GCVE-0-2025-62875)
Vulnerability from nvd – Published: 2025-11-20 16:02 – Updated: 2025-11-21 16:28
VLAI?
Title
Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD.
This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Tumbleweed |
Affected:
? , < 7.8.0p0-1.1
(custom)
|
Credits
Matthias Gerstner of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-20T16:06:09.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/31/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62875",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:28:15.978148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:28:18.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html#reproducer"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "OpenSMTPD",
"product": "openSUSE Tumbleweed",
"vendor": "SUSE",
"versions": [
{
"lessThan": "7.8.0p0-1.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2025-11-19T16:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD\u0026nbsp;allows local users to crash\u0026nbsp;OpenSMTPD.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.\u003c/div\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD\u00a0allows local users to crash\u00a0OpenSMTPD.\n\n\n\n\nThis issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:02:11.542Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875"
},
{
"url": "https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-62875",
"datePublished": "2025-11-20T16:02:11.542Z",
"dateReserved": "2025-10-24T10:34:22.764Z",
"dateUpdated": "2025-11-21T16:28:18.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29323 (GCVE-0-2023-29323)
Vulnerability from nvd – Published: 2023-04-04 00:00 – Updated: 2025-11-04 18:14
VLAI?
Summary
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T20:09:35.982445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:33:55.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:14:35.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49\u0026r2=1.49.4.1\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.50.4.1\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.51\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
},
{
"name": "FEDORA-2024-28fde3feb7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T22:06:20.632Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49\u0026r2=1.49.4.1\u0026f=h"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.50.4.1\u0026f=h"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.51\u0026f=h"
},
{
"url": "https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"
},
{
"url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
},
{
"name": "FEDORA-2024-28fde3feb7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29323",
"datePublished": "2023-04-04T00:00:00.000Z",
"dateReserved": "2023-04-04T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:14:35.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-35679 (GCVE-0-2020-35679)
Vulnerability from nvd – Published: 2020-12-24 15:53 – Updated: 2024-08-04 17:09
VLAI?
Summary
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T09:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/",
"refsource": "MISC",
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"name": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
},
{
"name": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043",
"refsource": "MISC",
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35679",
"datePublished": "2020-12-24T15:53:23",
"dateReserved": "2020-12-24T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35680 (GCVE-0-2020-35680)
Vulnerability from nvd – Published: 2020-12-24 15:53 – Updated: 2024-08-04 17:09
VLAI?
Summary
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T09:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/",
"refsource": "MISC",
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"name": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
},
{
"name": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1",
"refsource": "MISC",
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35680",
"datePublished": "2020-12-24T15:53:03",
"dateReserved": "2020-12-24T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8794 (GCVE-0-2020-8794)
Vulnerability from nvd – Published: 2020-02-25 16:38 – Updated: 2024-08-04 10:12
VLAI?
Summary
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openbsd.org/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
},
{
"name": "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"name": "DSA-4634",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"name": "20200227 LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-04T17:06:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openbsd.org/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
},
{
"name": "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"name": "DSA-4634",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"name": "20200227 LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbsd.org/security.html",
"refsource": "MISC",
"url": "https://www.openbsd.org/security.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/02/24/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
},
{
"name": "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"name": "DSA-4634",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"name": "20200227 LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"name": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"name": "FEDORA-2020-b92d7083ca",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8794",
"datePublished": "2020-02-25T16:38:07",
"dateReserved": "2020-02-07T00:00:00",
"dateUpdated": "2024-08-04T10:12:10.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8793 (GCVE-0-2020-8793)
Vulnerability from nvd – Published: 2020-02-25 16:22 – Updated: 2024-08-04 10:12
VLAI?
Summary
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openbsd.org/security.html"
},
{
"name": "[oss-security] 20200224 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"name": "20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4294-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-13T22:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openbsd.org/security.html"
},
{
"name": "[oss-security] 20200224 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"name": "20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4294-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbsd.org/security.html",
"refsource": "MISC",
"url": "https://www.openbsd.org/security.html"
},
{
"name": "[oss-security] 20200224 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"name": "20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"name": "FEDORA-2020-b92d7083ca",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4294-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8793",
"datePublished": "2020-02-25T16:22:02",
"dateReserved": "2020-02-07T00:00:00",
"dateUpdated": "2024-08-04T10:12:10.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-62875
Vulnerability from fkie_nvd - Published: 2025-11-20 16:16 - Updated: 2026-01-15 19:03
Severity ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD.
This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.
References
| URL | Tags | ||
|---|---|---|---|
| meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875 | Issue Tracking, Patch | |
| meissner@suse.de | https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/10/31/3 | Exploit, Mailing List, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html#reproducer | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensmtpd | opensmtpd | 7.7.0 | |
| opensuse | tumbleweed | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:7.7.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "D9276FD7-305A-4B17-B6F9-0335514293BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:tumbleweed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAE627B-88FB-4905-AA8F-1E69391C055E",
"versionEndExcluding": "7.8.0p0-1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD\u00a0allows local users to crash\u00a0OpenSMTPD.\n\n\n\n\nThis issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1."
}
],
"id": "CVE-2025-62875",
"lastModified": "2026-01-15T19:03:30.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "meissner@suse.de",
"type": "Secondary"
}
]
},
"published": "2025-11-20T16:16:00.540",
"references": [
{
"source": "meissner@suse.de",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875"
},
{
"source": "meissner@suse.de",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/10/31/3"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html#reproducer"
}
],
"sourceIdentifier": "meissner@suse.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "meissner@suse.de",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-29323
Vulnerability from fkie_nvd - Published: 2023-04-04 23:15 - Updated: 2025-11-04 19:15
Severity ?
Summary
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h | Product | |
| cve@mitre.org | https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h | Product | |
| cve@mitre.org | https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h | Product | |
| cve@mitre.org | https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig | Patch | |
| cve@mitre.org | https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig | Patch | |
| cve@mitre.org | https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f | Patch | |
| cve@mitre.org | https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae | Patch | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/ | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20230526-0006/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230526-0006/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35EC43DF-70E4-4B31-8881-E79D09432151",
"versionEndExcluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDBEB9A-DA9B-4384-8C56-599ED2B8D7DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6EC6AC-E2DE-4166-A762-AB6A88DF1C1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address."
}
],
"id": "CVE-2023-29323",
"lastModified": "2025-11-04T19:15:42.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T23:15:07.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49\u0026r2=1.49.4.1\u0026f=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.50.4.1\u0026f=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.51\u0026f=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49\u0026r2=1.49.4.1\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.50.4.1\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.51\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-35680
Vulnerability from fkie_nvd - Published: 2020-12-24 16:15 - Updated: 2024-11-21 05:27
Severity ?
Summary
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/ | ||
| cve@mitre.org | https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/ | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202105-12 | Third Party Advisory | |
| cve@mitre.org | https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202105-12 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensmtpd | opensmtpd | * | |
| opensmtpd | opensmtpd | 6.8.0 | |
| opensmtpd | opensmtpd | 6.8.0 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95277BD3-1335-4B27-AE1A-61FB5C85FE60",
"versionEndExcluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:6.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65FA0447-DC89-4609-824B-ED31E56AD47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:6.8.0:patch1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDFB59E5-863A-454F-BDC4-8894E9A15B3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer."
},
{
"lang": "es",
"value": "El archivo smtpd/lka_filter.c en OpenSMTPD versiones anteriores a 6.8.0p1, en determinadas configuraciones, permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y fallo del demonio) por medio de un patr\u00f3n dise\u00f1ado de actividad del cliente, porque la m\u00e1quina de estado del filtro no mantiene apropiadamente el canal de I/O entre el motor SMTP y la capa de filtros"
}
],
"id": "CVE-2020-35680",
"lastModified": "2024-11-21T05:27:49.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-24T16:15:15.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-12"
},
{
"source": "cve@mitre.org",
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-35679
Vulnerability from fkie_nvd - Published: 2020-12-24 16:15 - Updated: 2024-11-21 05:27
Severity ?
Summary
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/ | ||
| cve@mitre.org | https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/ | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202105-12 | Third Party Advisory | |
| cve@mitre.org | https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202105-12 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensmtpd | opensmtpd | * | |
| opensmtpd | opensmtpd | 6.8.0 | |
| opensmtpd | opensmtpd | 6.8.0 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95277BD3-1335-4B27-AE1A-61FB5C85FE60",
"versionEndExcluding": "6.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:6.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "65FA0447-DC89-4609-824B-ED31E56AD47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:6.8.0:patch1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDFB59E5-863A-454F-BDC4-8894E9A15B3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups."
},
{
"lang": "es",
"value": "El archivo smtpd/table.c en OpenSMTPD versiones anteriores a 6.8.0p1, carece de determinado regfree, lo que podr\u00eda permitir a atacantes activar un filtrado de memoria \"very significant\" por medio de mensajes hacia una instancia que lleva a cabo muchas b\u00fasquedas de expresiones regulares"
}
],
"id": "CVE-2020-35679",
"lastModified": "2024-11-21T05:27:49.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-24T16:15:15.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-12"
},
{
"source": "cve@mitre.org",
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8794
Vulnerability from fkie_nvd - Published: 2020-02-25 17:15 - Updated: 2024-11-21 05:39
Severity ?
Summary
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Feb/32 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/02/26/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/03/01/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/03/01/2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/05/04/7 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4294-1/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4634 | Third Party Advisory | |
| cve@mitre.org | https://www.openbsd.org/security.html | Third Party Advisory | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/02/24/5 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Feb/32 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/02/26/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/03/01/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/03/01/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/05/04/7 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4294-1/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4634 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openbsd.org/security.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/02/24/5 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensmtpd | opensmtpd | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4076E6-F78B-421A-BFE1-35E326B88753",
"versionEndExcluding": "6.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling."
},
{
"lang": "es",
"value": "OpenSMTPD versiones anteriores a 6.6.4, permite una ejecuci\u00f3n de c\u00f3digo remota debido a una lectura fuera de l\u00edmites en la funci\u00f3n mta_io en el archivo mta_session.c para respuestas multil\u00ednea. Aunque esta vulnerabilidad afecta al lado del cliente de OpenSMTPD, es posible atacar a un servidor porque el c\u00f3digo del servidor inicia el c\u00f3digo del cliente durante el manejo de saltos."
}
],
"id": "CVE-2020-8794",
"lastModified": "2024-11-21T05:39:27.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-25T17:15:13.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openbsd.org/security.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openbsd.org/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8793
Vulnerability from fkie_nvd - Published: 2020-02-25 17:15 - Updated: 2024-11-21 05:39
Severity ?
Summary
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Feb/28 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/02/24/4 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4294-1/ | Third Party Advisory | |
| cve@mitre.org | https://www.openbsd.org/security.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Feb/28 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/02/24/4 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4294-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openbsd.org/security.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensmtpd | opensmtpd | * | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE4076E6-F78B-421A-BFE1-35E326B88753",
"versionEndExcluding": "6.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c."
},
{
"lang": "es",
"value": "OpenSMTPD versiones anteriores a 6.6.4, permite a usuarios locales leer archivos arbitrarios (por ejemplo, en algunas distribuciones de Linux) debido a una combinaci\u00f3n de una ruta de b\u00fasqueda no confiable en el archivo makemap.c y unas condiciones de carrera en la funcionalidad offline en el archivo smtpd.c."
}
],
"id": "CVE-2020-8793",
"lastModified": "2024-11-21T05:39:26.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-25T17:15:13.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openbsd.org/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.openbsd.org/security.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
},
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-62875 (GCVE-0-2025-62875)
Vulnerability from cvelistv5 – Published: 2025-11-20 16:02 – Updated: 2025-11-21 16:28
VLAI?
Title
Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD.
This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Tumbleweed |
Affected:
? , < 7.8.0p0-1.1
(custom)
|
Credits
Matthias Gerstner of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-20T16:06:09.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/31/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62875",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T16:28:15.978148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:28:18.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html#reproducer"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "OpenSMTPD",
"product": "openSUSE Tumbleweed",
"vendor": "SUSE",
"versions": [
{
"lessThan": "7.8.0p0-1.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2025-11-19T16:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD\u0026nbsp;allows local users to crash\u0026nbsp;OpenSMTPD.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.\u003c/div\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD\u00a0allows local users to crash\u00a0OpenSMTPD.\n\n\n\n\nThis issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:02:11.542Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875"
},
{
"url": "https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-62875",
"datePublished": "2025-11-20T16:02:11.542Z",
"dateReserved": "2025-10-24T10:34:22.764Z",
"dateUpdated": "2025-11-21T16:28:18.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29323 (GCVE-0-2023-29323)
Vulnerability from cvelistv5 – Published: 2023-04-04 00:00 – Updated: 2025-11-04 18:14
VLAI?
Summary
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T20:09:35.982445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:33:55.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:14:35.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49\u0026r2=1.49.4.1\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.50.4.1\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.51\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
},
{
"name": "FEDORA-2024-28fde3feb7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T22:06:20.632Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49\u0026r2=1.49.4.1\u0026f=h"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.50.4.1\u0026f=h"
},
{
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50\u0026r2=1.51\u0026f=h"
},
{
"url": "https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f"
},
{
"url": "https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0006/"
},
{
"name": "FEDORA-2024-28fde3feb7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29323",
"datePublished": "2023-04-04T00:00:00.000Z",
"dateReserved": "2023-04-04T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:14:35.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-35679 (GCVE-0-2020-35679)
Vulnerability from cvelistv5 – Published: 2020-12-24 15:53 – Updated: 2024-08-04 17:09
VLAI?
Summary
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T09:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a \"very significant\" memory leak via messages to an instance that performs many regex lookups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/",
"refsource": "MISC",
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"name": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
},
{
"name": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043",
"refsource": "MISC",
"url": "https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35679",
"datePublished": "2020-12-24T15:53:23",
"dateReserved": "2020-12-24T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35680 (GCVE-0-2020-35680)
Vulnerability from cvelistv5 – Published: 2020-12-24 15:53 – Updated: 2024-08-04 17:09
VLAI?
Summary
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T09:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/",
"refsource": "MISC",
"url": "https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/"
},
{
"name": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html"
},
{
"name": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1",
"refsource": "MISC",
"url": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
},
{
"name": "FEDORA-2021-71fbdecdf8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/"
},
{
"name": "FEDORA-2021-848fd34b0b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/"
},
{
"name": "GLSA-202105-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35680",
"datePublished": "2020-12-24T15:53:03",
"dateReserved": "2020-12-24T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8794 (GCVE-0-2020-8794)
Vulnerability from cvelistv5 – Published: 2020-02-25 16:38 – Updated: 2024-08-04 10:12
VLAI?
Summary
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openbsd.org/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
},
{
"name": "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"name": "DSA-4634",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"name": "20200227 LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-04T17:06:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openbsd.org/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
},
{
"name": "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"name": "DSA-4634",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"name": "20200227 LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbsd.org/security.html",
"refsource": "MISC",
"url": "https://www.openbsd.org/security.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/02/24/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/02/24/5"
},
{
"name": "[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/26/1"
},
{
"name": "DSA-4634",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4634"
},
{
"name": "20200227 LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/32"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/1"
},
{
"name": "[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD\u0027s default install (CVE-2020-8794)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/03/01/2"
},
{
"name": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html"
},
{
"name": "FEDORA-2020-b92d7083ca",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4294-1/"
},
{
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8794",
"datePublished": "2020-02-25T16:38:07",
"dateReserved": "2020-02-07T00:00:00",
"dateUpdated": "2024-08-04T10:12:10.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8793 (GCVE-0-2020-8793)
Vulnerability from cvelistv5 – Published: 2020-02-25 16:22 – Updated: 2024-08-04 10:12
VLAI?
Summary
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openbsd.org/security.html"
},
{
"name": "[oss-security] 20200224 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"name": "20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4294-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-13T22:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openbsd.org/security.html"
},
{
"name": "[oss-security] 20200224 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"name": "20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"name": "FEDORA-2020-b92d7083ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4294-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbsd.org/security.html",
"refsource": "MISC",
"url": "https://www.openbsd.org/security.html"
},
{
"name": "[oss-security] 20200224 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/24/4"
},
{
"name": "20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/28"
},
{
"name": "FEDORA-2020-b92d7083ca",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/"
},
{
"name": "USN-4294-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4294-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8793",
"datePublished": "2020-02-25T16:22:02",
"dateReserved": "2020-02-07T00:00:00",
"dateUpdated": "2024-08-04T10:12:10.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}