Debian Opendmarc vulnerabilities
6 known vulnerabilities affecting debian/opendmarc.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2024-25768 | HIGH | CVSS 7.5 | fixed in opendmarc 1.4.2-5 (forky) | 2024
OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.4.2-5)
sid: resolved (fixed in 1.4.2-5)
trixie: resolved (fixed in 1.4.2-5)
CVE-2021-34555 | HIGH | CVSS 7.5 | fixed in opendmarc 1.4.0~beta1+dfsg-6 (bookworm) | 2021
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
Scope: local
bookworm: resolved (fixed in 1.4.0~beta1+dfsg-6)
bullseye: resolved (fixed in 1.4.0~beta1+dfsg-6)
forky: resolved (fixed in 1.4.0~beta1+dfsg-6)
sid: resolved (fixed in 1.4.0~beta1+dfsg-6
CVE-2020-12460 | CRITICAL | CVSS 9.8 | fixed in opendmarc 1.4.0~beta1+dfsg-3 (bookworm) | 2020
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE f
CVE-2020-12272 | MEDIUM | CVSS 5.3 | fixed in opendmarc 1.4.0~beta1+dfsg-4 (bookworm) | 2020
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Scope: local
bookworm: resolved (fixed in 1.4.0~b
CVE-2019-16378 | CRITICAL | CVSS 9.8 | fixed in opendmarc 1.3.2-7 (bookworm) | 2019
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
Scope: local
bookworm: resolved (fixed in 1.3.2-7)
bullseye: resolved (fixed in 1.3.2-7)
forky: resolved (fixed in 1.3.2-
CVE-2019-20790 | CRITICAL | CVSS 9.8 | fixed in opendmarc 1.4.0~beta1+dfsg-4 (bookworm) | 2019
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
Scope: local
bookworm: resolved (fixed in 1.4.0~beta1+dfsg-4)
bullseye: resolved (fixed in 1.4.0~beta1+dfsg-4)
forky: resolved (fixed in 1.4.0~beta1+dfsg-4)
s