PT-2020-5157 · Openbsd+1 · Opensmtpd+1

Alexander E. Patrakov · Published 2020-02-24 · Updated 2022-10-08 · CVE-2020-8794

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenSMTPD versions prior to 6.6.4

Description

The issue is an out-of-bounds read in the mta_io function in mta_session.c when handling multi-line replies, which can allow remote code execution. Although this affects the client side of OpenSMTPD, a server can be attacked because the server code launches the client code during bounce handling. The vulnerability can be exploited by sending specially crafted emails, potentially allowing attackers to take over vulnerable remote servers.

Recommendations

For OpenSMTPD versions prior to 6.6.4, update to version 6.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the mta_io function in mta_session.c until a patch is available. Avoid using the vulnerable code during bounce handling to minimize the risk of exploitation.

Exploit

Fix

RCE

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2020-05765
CVE-2020-8794
DSA-4634-1
USN-4294-1
USN-4875-1

Affected Products

Opensmtpd
Ubuntu