Vulnerabilities (CVE)

Filtered by vendor Opensmtpd
Filtered by product Opensmtpd
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2020-35679 | 2 Fedoraproject, Opensmtpd | 2 Fedora, Opensmtpd | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
CVE-2020-35680 | 2 Fedoraproject, Opensmtpd | 2 Fedora, Opensmtpd | 2021-05-26 | 5.0 MEDIUM | 7.5 HIGH
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.