PT-2020-17389 · Openbsd · Opensmtpd
Published: 2020-12-24 · Updated: 2022-04-26 · CVE-2020-35679
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenSMTPD versions prior to 6.8.0p1
Description
The issue is a memory leak in OpenSMTPD. It is caused by a missing regfree call in the smtpd/table.c file, which might allow attackers to trigger a significant memory leak via messages to an instance that performs many regex lookups.
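The bug class described above, as an added illustration that is not OpenSMTPD's table.c code: a regex lookup that calls regcomp() without the matching regfree(), next to the corrected form. The function names, the live_patterns counter and the sample pattern are assumptions made for this example.

```c
#include <regex.h>
#include <stdio.h>

/* Hypothetical counter: compiled patterns that have not been released yet. */
static long live_patterns = 0;

/* BEFORE (bug class): the regex_t lives on the stack, but the compiled
 * program that regcomp() allocates behind it is never released. */
static int lookup_leaky(const char *pattern, const char *key)
{
    regex_t re;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;                       /* compile failed: nothing to free */
    live_patterns++;
    return regexec(&re, key, 0, NULL, 0) == 0;   /* missing regfree(&re) */
}

/* AFTER: every successful regcomp() is paired with regfree() before return. */
static int lookup_fixed(const char *pattern, const char *key)
{
    regex_t re;
    int hit;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    live_patterns++;
    hit = (regexec(&re, key, 0, NULL, 0) == 0);
    regfree(&re);                        /* release the compiled pattern */
    live_patterns--;
    return hit;
}

/* Run n lookups (constructed pattern and key) and report how many compiled
 * patterns are still allocated afterwards. */
static long outstanding_after(int (*lookup)(const char *, const char *), int n)
{
    live_patterns = 0;
    for (int i = 0; i < n; i++)
        lookup("^[a-z]+@example\\.org$", "alice@example.org");
    return live_patterns;
}

int main(void)
{
    printf("leaky: %ld outstanding\n", outstanding_after(lookup_leaky, 1000));
    printf("fixed: %ld outstanding\n", outstanding_after(lookup_fixed, 1000));
    return 0;
}
```

In the leaky variant the number of unreleased patterns grows by one per lookup, which is why an instance that performs many regex lookups per message sees its memory use climb with traffic.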
Recommendations
For OpenSMTPD versions prior to 6.8.0p1, update to version 6.8.0p1 or later to resolve the issue. As a temporary workaround, consider restricting the number of regex lookups performed by the instance to minimize the risk of exploitation.
Fix
Memory Leak
Affected Products
Opensmtpd