CVE-2023-29323

2023-04-0423:15:07

Google

osv.dev

cve-2023-29323

openbsd

smtpd

opensmtpd portable

ipv6

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.

CPENameOperatorVersion
srceq6.6.0
srceqopensmtpd-201310281424p1
srceqopensmtpd-201405121707p1
srceqopensmtpd-201602120826p1
srceqopensmtpd-201307290742
srceqopensmtpd-201410131657p1
srceqopensmtpd-201412241507p1
srceqopensmtpd-201212171136
srceqopensmtpd-201305241922
srceqopensmtpd-201502012303

Name	Operator	Version
src	eq	6.6.0
src	eq	opensmtpd-201310281424p1
src	eq	opensmtpd-201405121707p1
src	eq	opensmtpd-201602120826p1
src	eq	opensmtpd-201307290742
src	eq	opensmtpd-201410131657p1
src	eq	opensmtpd-201412241507p1
src	eq	opensmtpd-201212171136
src	eq	opensmtpd-201305241922
src	eq	opensmtpd-201502012303