CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-35679

HIGH
7.5
CVSS Severity Score
EPSS Score0.0480%
EPSS Percentile11.41th
Published2020年12月24日
Last Modified2024年11月21日

Vulnerability Description

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

Affected Platforms (CPE)

📦
Opensmtpd

Opensmtpd

< 6.8.0
📦
Opensmtpd

Opensmtpd

= 6.8.0
📦
Opensmtpd

Opensmtpd

= 6.8.0
💻
Fedoraproject

Fedora

= 32
💻
Fedoraproject

Fedora

= 33

References & Advisories

🔗 https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/
🔗 https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/
🔗 https://security.gentoo.org/glsa/202105-12
🔗 https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html
🔗 https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/

相关漏洞威胁

CVE-2020-72479.8

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute ar...

CVE-2020-87949.8

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line rep...

CVE-2015-76879.8

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arb...

CVE-2020-356807.5

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (N...