OpenBSD Opensmtpd
stack.watch can notify you when security vulnerabilities are reported in OpenBSD Opensmtpd. You can add multiple products that you use with Opensmtpd to create your own personal software stack watcher.
By the Year
In 2020 there have been 1 vulnerability in OpenBSD Opensmtpd with an average score of 9.8 out of ten. Last year Opensmtpd had 0 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 1 | 9.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Opensmtpd vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest OpenBSD Opensmtpd Security Vulnerabilities
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products,
CVE-2020-7247
9.8 - Critical
- January 29, 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Unchecked Return Value