Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensmtpd opensmtpd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-35679
smtpd/table.c in OpenSMTPD prior to 6.8.0p1 lacks a certain regfree, which might allow malicious users to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
Opensmtpd Opensmtpd 6.8.0
Opensmtpd Opensmtpd
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-35680
smtpd/lka_filter.c in OpenSMTPD prior to 6.8.0p1, in certain configurations, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintai...
Opensmtpd Opensmtpd 6.8.0
Opensmtpd Opensmtpd
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.8
CVSSv3
CVE-2023-29323
ascii_load_sockaddr in smtpd in OpenBSD prior to 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable prior to 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
Openbsd Openbsd 7.2
Opensmtpd Opensmtpd
Openbsd Openbsd 7.1
4.7
CVSSv3
CVE-2020-8793
OpenSMTPD prior to 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Opensmtpd Opensmtpd
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
1 EDB exploit
1 Github repository
NA
CVE-2013-2125
OpenSMTPD prior to 5.3.2 does not properly handle SSL sessions, which allows remote malicious users to cause a denial of service (connection blocking) by keeping a connection open.
Openbsd Opensmtpd
9.8
CVSSv3
CVE-2020-8794
OpenSMTPD prior to 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the clien...
Opensmtpd Opensmtpd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 EDB exploits
9.8
CVSSv3
CVE-2015-7687
Use-after-free vulnerability in OpenSMTPD prior to 5.7.2 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
Openbsd Opensmtpd
Fedoraproject Fedora 22
Fedoraproject Fedora 23
9.8
CVSSv3
CVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote malicious users to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncomm...
Openbsd Opensmtpd 6.6
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
9 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started