CVE-2020-35680

Name of the Vulnerable Software and Affected Versions OpenSMTPD versions prior to 6.8.0p1

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted pattern of client activity. This occurs because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer in certain configurations.

Recommendations For versions prior to 6.8.0p1, update to version 6.8.0p1 or later to resolve the issue. As a temporary workaround, consider restricting access to the smtpd/lka filter.c module to minimize the risk of exploitation.