CVE-2020-35680

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
24/12/2020
Last modified:
07/11/2023

Description

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:* 6.8.0 (excluding)
cpe:2.3:a:opensmtpd:opensmtpd:6.8.0:-:*:*:*:*:*:*
cpe:2.3:a:opensmtpd:opensmtpd:6.8.0:patch1-rc1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*