opensmtpd-extras: An out-of-bounds read could lead to remote code execution (CVE-2020-8794)ID: oval:org.secpod.oval:def:1801995 | Date: (C)2022-03-25 (M)2023-11-10 |
Class: PATCH | Family: unix |
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
Platform: |
Alpine Linux 3.13 |
Alpine Linux 3.14 |
Alpine Linux 3.15 |