opendmarc
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Free open source software implementation of the DMARC specification |
| Version |
1.4.0-1 [community-testing] 1.3.3-2 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1375 | 1.4.0-1 | Medium | Vulnerable | ||
| AVG-1620 | 1.3.3-2 | 1.4.0-1 | Medium | Testing |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-12272 | AVG-1375 | Medium | Yes | Content spoofing | OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail... |
| CVE-2019-20790 | AVG-1375 | Medium | Yes | Authentication bypass | OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO... |
| CVE-2019-16378 | AVG-1620 | Medium | Yes | Signature forgery | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1208 | 1.3.2-6 | 1.3.3-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-12460 | AVG-1208 | Medium | Yes | Denial of service | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 01 Sep 2020 | ASA-202009-1 | AVG-1208 | Medium | denial of service |