opendmarc

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Free open source software implementation of the DMARC specification
Version 1.4.0-2 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1375 1.4.0-2 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-12272 AVG-1375 Medium Yes Content spoofing
OpenDMARC through 1.3.2 and 1.4.x before 1.4.1 allows attacks that inject authentication results to provide false information about the domain that...
CVE-2019-20790 AVG-1375 Low Yes Authentication bypass
OpenDMARC through 1.3.2 and 1.4.x before 1.4.1, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1620 1.3.3-2 1.4.0-1 Medium Fixed
AVG-1208 1.3.2-6 1.3.3-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2020-12460 AVG-1208 Medium Yes Denial of service
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap...
CVE-2019-16378 AVG-1620 Medium Yes Signature forgery
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect...

Advisories

Date Advisory Group Severity Type
01 Sep 2020 ASA-202009-1 AVG-1208 Medium denial of service