OpenBSD Opensmtpd
Known Exploited OpenBSD Opensmtpd Vulnerabilities
The following OpenBSD Opensmtpd vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| OpenSMTPD Remote Code Execution Vulnerability | smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. CVE-2020-7247 | March 25, 2022 |
By the Year
In 2024 there have been 0 vulnerabilities in OpenBSD Opensmtpd . Opensmtpd did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 9.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Opensmtpd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenBSD Opensmtpd Security Vulnerabilities
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products
CVE-2020-7247
9.8 - Critical
- January 29, 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by OpenBSD? Click the Watch button to subscribe.
