opensmtpd

Description: Free implementation of the server-side SMTP protocol
Version: 6.8.0p2-2 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1381 | 6.7.1p1-6 | 6.8.0p2-1 | High | Fixed | |
| AVG-1105 | 6.6.3p1-1 | 6.6.4p1-1 | Critical | Fixed | |
| AVG-1090 | 6.6.1p1-1 | 6.6.2p1-1 | Critical | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-35680 | AVG-1381 | Low | Yes | Denial of service | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference... |
| CVE-2020-35679 | AVG-1381 | High | Yes | Information disclosure | smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to... |
| CVE-2020-8794 | AVG-1105 | Critical | Yes | Arbitrary command execution | An out-of-bounds read vulnerability has been found in the client-side code of OpenSMTPD <= 6.6.3p1, leading to arbitrary command execution via a crafted... |
| CVE-2020-7247 | AVG-1090 | Critical | Yes | Arbitrary command execution | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 12 Jan 2021 | ASA-202101-18 | AVG-1381 | High | multiple issues |
| 29 Feb 2020 | ASA-202002-13 | AVG-1105 | Critical | arbitrary command execution |
| 29 Jan 2020 | ASA-202001-6 | AVG-1090 | Critical | arbitrary command execution |