CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29323
https://notcve.org/view.php?id=CVE-2023-29323
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. • https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd&# •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35679
https://notcve.org/view.php?id=CVE-2020-35679
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. El archivo smtpd/table.c en OpenSMTPD versiones anteriores a 6.8.0p1, carece de determinado regfree, lo que podría permitir a atacantes activar un filtrado de memoria "very significant" por medio de mensajes hacia una instancia que lleva a cabo muchas búsquedas de expresiones regulares • https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github https://security.gentoo.org/glsa/202105-12 https://www.mail-archive.com&#x • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35680
https://notcve.org/view.php?id=CVE-2020-35680
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. El archivo smtpd/lka_filter.c en OpenSMTPD versiones anteriores a 6.8.0p1, en determinadas configuraciones, permite a atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL y fallo del demonio) por medio de un patrón diseñado de actividad del cliente, porque la máquina de estado del filtro no mantiene apropiadamente el canal de I/O entre el motor SMTP y la capa de filtros • https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github https://security.gentoo.org/glsa/202105-12 https://www.mail-archive.com&#x • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 93%CPEs: 7EXPL: 7CVE-2020-8794 – OpenSMTPD OOB Read Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-8794
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. OpenSMTPD versiones anteriores a 6.6.4, permite una ejecución de código remota debido a una lectura fuera de límites en la función mta_io en el archivo mta_session.c para respuestas multilínea. Aunque esta vulnerabilidad afecta al lado del cliente de OpenSMTPD, es posible atacar a un servidor porque el código del servidor inicia el código del cliente durante el manejo de saltos. • https://www.exploit-db.com/exploits/48185 https://www.exploit-db.com/exploits/48140 http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Feb/32 http://www.openwall.com/lists/oss-security/2020/02/26/1 http://www.openwall.com/lists/oss-security/2020/03/01/1 http://www.openwall.com/lists/oss-security/2020/03/01/2 http://www.openwall.com/lists/oss-security/2021/05/04/7 https: • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 2CVE-2020-8793 – OpenSMTPD 6.6.3 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2020-8793
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. OpenSMTPD versiones anteriores a 6.6.4, permite a usuarios locales leer archivos arbitrarios (por ejemplo, en algunas distribuciones de Linux) debido a una combinación de una ruta de búsqueda no confiable en el archivo makemap.c y unas condiciones de carrera en la funcionalidad offline en el archivo smtpd.c. • https://www.exploit-db.com/exploits/48139 http://seclists.org/fulldisclosure/2020/Feb/28 http://www.openwall.com/lists/oss-security/2020/02/24/4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E https://usn.ubuntu.com/4294-1 https://www.openbsd.org/security.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-426: Untrusted Search Path •