Trusteddomain Opendmarc vulnerabilities
6 known vulnerabilities affecting trusteddomain/opendmarc.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2024-25768 | HIGH | CVSS 7.5 | CWE-476 | v1.4.2 | 2024-02-26
OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.
Sources: NVD, OSV
CVE-2021-34555 | HIGH | CVSS 7.5 | CWE-476 | v1.4.1, v1.4.1.1 | 2021-06-10
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
Sources: NVD, OSV
CVE-2020-12460 | CRITICAL | CVSS 9.8 | CWE-787 | ≤ 1.3.2, v1.4.0 | 2020-07-27
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its
Sources: NVD, OSV
CVE-2019-20790 | CRITICAL | CVSS 9.8 | CWE-290 | ≥ 1.3.0, ≤ 1.3.2; v1.4.0 | 2020-04-27
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
Sources: NVD, OSV
CVE-2020-12272 | MEDIUM | CVSS 5.3 | CWE-290 | ≥ 1.0.0, ≤ 1.3.2; v1.4.0 | 2020-04-27
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Sources: NVD, OSV
CVE-2019-16378 | CRITICAL | CVSS 9.8 | CWE-290 | ≤ 1.3.2, v1.4.0 | 2019-09-17
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
Sources: NVD, OSV