CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8794

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile25.79th
PublishedFeb 25, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

Affected Platforms (CPE)

πŸ“¦
Opensmtpd

Opensmtpd

< 6.6.4
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 19.10
πŸ’»
Fedoraproject

Fedora

= 31
πŸ’»
Fedoraproject

Fedora

= 32
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html
πŸ”— http://seclists.org/fulldisclosure/2020/Feb/32
πŸ”— http://www.openwall.com/lists/oss-security/2020/02/26/1
πŸ”— http://www.openwall.com/lists/oss-security/2020/03/01/1
πŸ”— http://www.openwall.com/lists/oss-security/2020/03/01/2
πŸ”— http://www.openwall.com/lists/oss-security/2021/05/04/7
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
πŸ”— https://usn.ubuntu.com/4294-1/

Related Vulnerabilities

CVE-2020-72479.8

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute ar...

CVE-2015-76879.8

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arb...

CVE-2020-356807.5

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (N...

CVE-2020-356797.5

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" mem...