CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Openbsd: >> Opensmtpd >> 6.6 Security Vulnerabilities

CVE-2020-7247

Known exploited

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

CVSS Score

9.8

EPSS Score

0.941

Published

2020-01-29

Page 1

Vulnerabilities

Vulnerable Software

Openbsd: >> Opensmtpd >> 6.6 Security Vulnerabilities

Products

Pricing

Contact Us