gilles

3 exploits Active since Jan 2020
CVE-2020-7247 WRITEUP CRITICAL WRITEUP
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS 9.8
CVE-2020-35679 WRITEUP HIGH WRITEUP
OpenSMTPD < 6.8.0p1 - Memory Leak via Regex Lookup
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
CVSS 7.5
CVE-2020-35680 WRITEUP HIGH WRITEUP
OpenSMTPD < 6.8.0p1 - Denial of Service via NULL Pointer Dereference in lka_filter.c
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
CVSS 7.5