Veracode Vulnerability DatabaseVERACODE:42919IPv6 Local Scoped Address Disruption
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
opensmtpd is vulnerable to IPv6 Local Scoped Address Disruption . The vulnerability exists due to the use of inet_pton(3) function in the envelope.c, which allows an attacker to abort the connection by providing localy scoped IPv6 address.
| CPE | Name | Operator | Version |
|---|---|---|---|
| opensmtpd:sid | eq | 6.7.1p1-2 | |
| opensmtpd:sid | eq | 6.8.0p2-3 | |
| opensmtpd:sid | eq | 6.8.0p2-4 | |
| opensmtpd:sid | eq | 6.7.1p1-2 | |
| opensmtpd:sid | eq | 6.8.0p2-3 | |
| opensmtpd:sid | eq | 6.8.0p2-4 |
References
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h
cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h
ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig
github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae
github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/
security-tracker.debian.org/tracker/CVE-2023-29323
security.netapp.com/advisory/ntap-20230526-0006/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%