OpenSMTPD 5.9.2

CPE Details

OpenSMTPD 5.9.2
opensmtpd
opensmtpd
5.9.2
2020-03-30
11h00 +00:00
2020-03-30
11h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:opensmtpd:opensmtpd:5.9.2:-:*:*:*:*:*:*

Informations

Vendor

opensmtpd

Product

opensmtpd

Version

5.9.2

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-29323 2023-04-03 22h00 +00:00 ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
7.8
High
CVE-2020-35679 2020-12-24 14h53 +00:00 smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
7.5
High
CVE-2020-35680 2020-12-24 14h53 +00:00 smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
7.5
High
CVE-2020-8794 2020-02-25 15h38 +00:00 OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
9.8
Critical
CVE-2020-8793 2020-02-25 15h22 +00:00 OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
4.7
Medium