Vulmon
opensmtpd opensmtpd vulnerabilities and exploits
5
CVSSv2
CVE-2020-35679
smtpd/table.c in OpenSMTPD prior to 6.8.0p1 lacks a certain regfree, which might allow malicious users to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
Opensmtpd Opensmtpd 6.8.0
Opensmtpd Opensmtpd
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-35680
smtpd/lka_filter.c in OpenSMTPD prior to 6.8.0p1, in certain configurations, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintai...
Opensmtpd Opensmtpd 6.8.0
Opensmtpd Opensmtpd
Fedoraproject Fedora 32
Fedoraproject Fedora 33
NA
CVE-2023-29323
ascii_load_sockaddr in smtpd in OpenBSD prior to 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable prior to 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
Openbsd Openbsd 7.2
Opensmtpd Opensmtpd
Openbsd Openbsd 7.1
4.7
CVSSv2
CVE-2020-8793
OpenSMTPD prior to 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Opensmtpd Opensmtpd
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2013-2125
OpenSMTPD prior to 5.3.2 does not properly handle SSL sessions, which allows remote malicious users to cause a denial of service (connection blocking) by keeping a connection open.
Openbsd Opensmtpd
10
CVSSv2
CVE-2020-8794
OpenSMTPD prior to 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the clien...
Opensmtpd Opensmtpd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 EDB exploits
7.5
CVSSv2
CVE-2015-7687
Use-after-free vulnerability in OpenSMTPD prior to 5.7.2 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
Openbsd Opensmtpd
Fedoraproject Fedora 22
Fedoraproject Fedora 23
10
CVSSv2
CVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote malicious users to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncomm...
Openbsd Opensmtpd 6.6
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
9 Github repositories
1 Article