opensmtpd

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Free implementation of the server-side SMTP protocol
Version	7.5.0p0-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1381	6.7.1p1-6	6.8.0p2-1	High	Fixed
AVG-1105	6.6.3p1-1	6.6.4p1-1	Critical	Fixed
AVG-1090	6.6.1p1-1	6.6.2p1-1	Critical	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2020-35680	AVG-1381	Low	Yes	Denial of service	smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference...
CVE-2020-35679	AVG-1381	High	Yes	Information disclosure	smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to...
CVE-2020-8794	AVG-1105	Critical	Yes	Arbitrary command execution	An out-of-bounds read vulnerability has been found in the client-side code of OpenSMTPD <= 6.6.3p1, leading to arbitrary command execution via a crafted...
CVE-2020-7247	AVG-1090	Critical	Yes	Arbitrary command execution	smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root...

Advisories

Date	Advisory	Group	Severity	Type
12 Jan 2021	ASA-202101-18	AVG-1381	High	multiple issues
29 Feb 2020	ASA-202002-13	AVG-1105	Critical	arbitrary command execution
29 Jan 2020	ASA-202001-6	AVG-1090	Critical	arbitrary command execution