136 matches found
GLSA-202011-02 : OpenDMARC: Heap-based buffer overflow
The remote host is affected by the vulnerability described in GLSA-202011-02 (OpenDMARC: Heap-based buffer overflow). It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact: A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a...
OpenDMARC: Heap-based buffer overflow
Background: OpenDMARC is an open source DMARC implementation. Description: It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact: A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a Denial of Service condition and depending o...
Ubuntu: Security Advisory (USN-4567-1)
The remote host is missing an update for the...
USN-4567-1 opendmarc vulnerability
It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters...
USN-4567-1: OpenDMARC vulnerability
It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters...
Ubuntu 18.04 LTS : OpenDMARC vulnerability (USN-4567-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4567-1 advisory. It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple From: addresses. An attacker could use it to bypass spam and abuse...
[ASA-202009-1] opendmarc: denial of service
Arch Linux Security Advisory ASA-202009-1. Severity: Medium. Date: 2020-09-01. CVE-ID: CVE-2020-12460. Package: opendmarc. Type: denial of service. Remote: Yes. Link: https://security.archlinux.org/AVG-1208. Summary: The package opendmarc before...
OpenDMARC Resource Management Error Vulnerability
OpenDMARC is an open source implementation of the DMARC (Domain-based Message Authentication, Reporting and Conformance) specification from The Trusted Domain project. A resource management error vulnerability exists in the 'opendmarc_xml_parse' function in OpenDMARC versions 1.3.2 and earlier and...
CVE-2020-12460
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...
DEBIAN-CVE-2020-12460
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...
Design/Logic Flaw
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...
UBUNTU-CVE-2020-12460
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte...
CVE-2020-12460
OpenDMARC (affected: 1.3.2 and 1.4.x up to 1.4.0-Beta1) is vulnerable to an improper null termination in opendmarc_xml_parse, causing a one-byte heap overflow and remote memory corruption when parsing crafted DMARC aggregate reports. Affected components/file: opendmarc_xml_parse in OpenDMARC. Roo...
PT-2020-4942 · Trustwave +2 · Opendmarc +2
Name of the Vulnerable Software and Affected Versions: OpenDMARC versions 1.3.2 and 1.4.x through 1.4.0-Beta1. Description: The issue is related to improper null termination in the opendmarc_xml_parse function, which can result in a one-byte heap overflow in opendmarc_xml when parsing a specially...
OpenDMARC has an unspecified vulnerability (CNVD-2020-27488)
OpenDMARC is an open source implementation of the DMARC (Domain-based Message Authentication, Reporting and Conformance) specification from The Trusted Domain project. An unspecified vulnerability exists in OpenDMARC. An attacker can exploit this vulnerability to bypass SPF and DMARC authentication...
DEBIAN-CVE-2020-12272
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the...