Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2020-35679
HistoryDec 24, 2020 - 4:15 p.m.

CVE-2020-35679

2020-12-2416:15:15
Alpine Linux Development Team
security.alpinelinux.org
11
opensmtpd
smtpd/table.c
memory leak

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.004

Percentile

72.0%

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a “very significant” memory leak via messages to an instance that performs many regex lookups.

OSVersionArchitecturePackageVersionFilename
Alpine3.11-mainnoarchopensmtpd< 6.6.4p1-r1UNKNOWN
Alpine3.12-mainnoarchopensmtpd< 6.6.4p1-r2UNKNOWN
Alpine3.13-mainnoarchopensmtpd< 6.7.1p1-r1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.004

Percentile

72.0%