CVE-2020-12460: opendmarc
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk, including its PREV_INUSE flag.
This is an open source implementation of the draft DMARC specification.
License: BSD License
Additional Project Details
Intended Audience: Information Technology, System Administrators, Security
User Interface: Non-interactive (Daemon), Other toolkit
Programming Language: Perl, C
2012-01-31
Related news
Ubuntu Security Notice 6356-1 - Jianjun Chen, Vern Paxson and Jian Jiang discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into receiving crafted inputs, an attacker could possibly use this to falsify the domain of an e-mail's origin. Patrik Lantz discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.