Opensmtpd
By the Year
In 2024 there have been 0 vulnerabilities in Opensmtpd. Last year Opensmtpd had 1 security vulnerability published. Right now, Opensmtpd is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 7.80 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 4 | 7.38 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Opensmtpd vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Opensmtpd Security Vulnerabilities
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection
CVE-2023-29323
7.8 - High
- April 04, 2023
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance
CVE-2020-35679
7.5 - High
- December 24, 2020
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
Memory Leak
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations
CVE-2020-35680
7.5 - High
- December 24, 2020
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
NULL Pointer Dereference
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g
CVE-2020-8793
4.7 - Medium
- February 25, 2020
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Untrusted Path
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies
CVE-2020-8794
9.8 - Critical
- February 25, 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
Out-of-bounds Read