Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8794: Out-of-bounds Read in OpenSMTPD

CWE-125: Out-of-bounds Read | 22 documents | 10 sources

Severity: 9.8 CRITICAL (NVD); OSV 4.7
EPSS: 88.1% (top 0.51%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Feb 25; latest update May 24

Description

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD | opensmtpd/opensmtpd | < 6.6.4
Debian | opensmtpd/opensmtpd | < 6.6.4p1-1+3
Ubuntu | opensmtpd/opensmtpd | < 6.0.3p1-1ubuntu0.2+2

Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32, Ubuntu Linux 18.04, 19.10

🔴 Vulnerability Details (5)

GHSA | GHSA-hmw3-c3g9-px9f: OpenSMTPD before 6 | 2022-05-24
OSV | opensmtpd vulnerabilities | 2021-03-15
OSV | OpenSMTPD vulnerabilities | 2020-03-02
CVEList | CVE-2020-8794: OpenSMTPD before 6 | 2020-02-25
OSV | CVE-2020-8794: OpenSMTPD before 6 | 2020-02-25

💥 Exploits & PoCs (3)

Exploit-DB | OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit) | 2020-03-09
Exploit-DB | OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution | 2020-02-26
Metasploit | OpenSMTPD OOB Read Local Privilege Escalation

📋 Vendor Advisories (3)

Ubuntu | OpenSMTPD vulnerabilities | 2021-03-15
Ubuntu | OpenSMTPD vulnerabilities | 2020-03-02
Debian | CVE-2020-8794: opensmtpd - OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds ... | 2020

🕵️ Threat Intelligence (7)

Trendmicro | Operation Overtrap Targets Japanese Online Banking | 2020-03-13
Trendmicro | CVE-2020-8794 Can Lead to Privilege Escalation and RCE | 2020-03-12
Trendmicro | CVE-2020-8794 Can Lead to Privilege Escalation and RCE | 2020-03-12
Trendmicro | CVE-2020-8794 Can Lead to Privilege Escalation and RCE | 2020-03-12
Trendmicro | CVE-2020-8794 Can Lead to Privilege Escalation and RCE | 2020-03-12

💬 Community (3)

Bugzilla | CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution [fedora-all] | 2020-03-02
Bugzilla | CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution [epel-all] | 2020-03-02
Bugzilla | CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote code execution | 2020-02-25