CVE-2020-35680: smtpd's filter state machine can prematurely release resources · openbsd/src@6c32204

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.


smtpd’s filter state machine can prematurely release resources

leading to a crash. From gilles@

millert committed

Dec 23, 2020

1 parent a02f695 commit 6c3220444ed06b5796dedfd53a0f4becd903c0d1

Showing 1 changed file with 1 addition and 6 deletions.

@@ -1,4 +1,4 @@

/* $OpenBSD: lka_filter.c,v 1.64 2020/12/20 13:27:46 martijn Exp $ */

/* $OpenBSD: lka_filter.c,v 1.65 2020/12/23 20:17:49 millert Exp $ */

/*

* Copyright © 2018 Gilles Chehade [email protected]

@@ -600,11 +600,6 @@ filter_session_io(struct io *io, int evt, void *arg)

filter_data(fs->id, line);

goto nextline;

case IO_DISCONNECTED:

io_free(fs->io);

fs->io = NULL;

break;

}

}
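
Review bot: nothing visible in this hunk releases fs->io once the IO_DISCONNECTED case is gone from filter_session_io, so please confirm that the session teardown path is now the single place that calls io_free() on it and that the handle is not leaked when the filter side disconnects first. The hunk header (-600,11 +600,6) accounts for five dropped lines, which is consistent with the whole case block (`io_free(fs->io); fs->io = NULL; break;`) being removed. A short comment at the end of the switch, saying the disconnect event is deliberately ignored here and where the channel is freed instead, would keep someone from re-adding the early free that the commit message ties to the crash.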
