Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2023-29323

Medium priority
Vulnerable

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.

1 affected package

opensmtpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensmtpd Needs evaluation Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2020-35680

Medium priority
Vulnerable

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the...

1 affected package

opensmtpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensmtpd Vulnerable Vulnerable Vulnerable Not affected Not affected
Show less packages

CVE-2020-35679

Medium priority
Vulnerable

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

1 affected package

opensmtpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensmtpd Vulnerable Vulnerable Vulnerable Not affected Not affected
Show less packages

CVE-2020-8794

High priority

Some fixes available 13 of 14

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a...

1 affected package

opensmtpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensmtpd Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-8793

Low priority

Some fixes available 13 of 14

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

1 affected package

opensmtpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensmtpd Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-7247

High priority
Fixed

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a...

1 affected package

opensmtpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensmtpd Not affected Not affected Fixed Fixed
Show less packages

CVE-2015-7687

Medium priority
Vulnerable

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

1 affected package

opensmtpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensmtpd Not affected Not affected Not affected Not affected Not affected
Show less packages