opendmarc
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Free open source software implementation of the DMARC specification |
| Version | 1.4.2-3 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2067 | 1.4.1.1-2 | Medium | Vulnerable | FS#72812 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-34555 | AVG-2067 | Medium | Yes | Denial of service | OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1620 | 1.3.3-2 | 1.4.0-1 | Medium | Fixed | |
| AVG-1375 | 1.4.0-2 | 1.4.1.1-1 | Medium | Fixed | |
| AVG-1208 | 1.3.2-6 | 1.3.3-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-12460 | AVG-1208 | Medium | Yes | Denial of service | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap... |
| CVE-2020-12272 | AVG-1375 | Medium | Yes | Content spoofing | OpenDMARC before 1.4.1 allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message.... |
| CVE-2019-20790 | AVG-1375 | Low | Yes | Authentication bypass | OpenDMARC before 1.4.1, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is... |
| CVE-2019-16378 | AVG-1620 | Medium | Yes | Signature forgery | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 19 May 2021 | ASA-202105-13 | AVG-1375 | Medium | multiple issues |
| 01 Sep 2020 | ASA-202009-1 | AVG-1208 | Medium | denial of service |