QwikSec

Security Database

CVE

CWE

Training

CVE-2020-35680

Published: Dec 24, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/

x_refsource_MISC

https://www.mail-archive.com/misc%40opensmtpd.org/msg05188.html

x_refsource_MISC

https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1

x_refsource_MISC

FEDORA-2021-71fbdecdf8

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-848fd34b0b

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.