Opensmtpd OpenBSD Opensmtpd

stack.watch can notify you when security vulnerabilities are reported in OpenBSD Opensmtpd. You can add multiple products that you use with Opensmtpd to create your own personal software stack watcher.

By the Year

In 2020 there have been 1 vulnerability in OpenBSD Opensmtpd with an average score of 9.8 out of ten. Last year Opensmtpd had 0 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year.

Year Vulnerabilities Average Score
2020 1 9.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Opensmtpd vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest OpenBSD Opensmtpd Security Vulnerabilities

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products,

CVE-2020-7247 9.8 - Critical - January 29, 2020

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Unchecked Return Value