Opensmtpd Opensmtpd

By the Year

In 2024 there have been 0 vulnerabilities in Opensmtpd. Last year Opensmtpd had 1 security vulnerability published. Right now, Opensmtpd is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 7.80
2022 0 0.00
2021 0 0.00
2020 4 7.38
2019 0 0.00
2018 0 0.00

It may take a day or so for new Opensmtpd vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Opensmtpd Security Vulnerabilities

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection

CVE-2023-29323 7.8 - High - April 04, 2023

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance

CVE-2020-35679 7.5 - High - December 24, 2020

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

Memory Leak

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations

CVE-2020-35680 7.5 - High - December 24, 2020

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

NULL Pointer Dereference

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g

CVE-2020-8793 4.7 - Medium - February 25, 2020

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

Untrusted Path

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies

CVE-2020-8794 9.8 - Critical - February 25, 2020

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

Out-of-bounds Read
