Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202011-02
HistoryNov 03, 2020 - 12:00 a.m.

OpenDMARC: Heap-based buffer overflow

2020-11-0300:00:00
Gentoo Foundation
security.gentoo.org
35
opendmarc
buffer overflow
dmarc aggregate
denial of service
arbitrary code
upgrade

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.5%

JSON

Background

OpenDMARC is an open source DMARC implementation.

Description

It was found that OpenDMARC did not properly handle DMARC aggregate reports.

Impact

A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a Denial of Service condition and depending on how OpenDMARC library is used in linked application execute arbitrary code with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All OpenDMARC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-filter/opendmarc-1.3.3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-filter/opendmarc< 1.3.3UNKNOWN

Related

veracode 1
debiancve 1
ubuntucve 1
cve 1
fedora 3
openvas 6
osv 3
cvelist 1
nvd 1
debian 1
nessus 4
prion 1
archlinux 1
ubuntu 1
mageia 1
freebsd 1
veracode
veracode
Denial Of Service(DoS)
2021-04-27 06:25:05
debiancve
debiancve
CVE-2020-12460
2020-07-27 23:15:12
ubuntucve
ubuntucve
CVE-2020-12460
2020-07-27 00:00:00
cve
cve
CVE-2020-12460
2020-07-27 23:15:12
fedora
fedora
[SECURITY] Fedora 34 Update: opendmarc-1.4.0-1.fc34
2021-05-08 01:34:34
[SECURITY] Fedora 34 Update: opendmarc-1.4.1-1.fc34
2021-05-31 01:05:38
[SECURITY] Fedora 33 Update: opendmarc-1.4.1-1.fc33
2021-05-31 00:47:53
openvas
openvas
Debian: Security Advisory (DLA-2639-1)
2021-04-26 00:00:00
Fedora: Security Advisory for opendmarc (FEDORA-2021-c1b846164e)
2021-05-08 00:00:00
Ubuntu: Security Advisory (USN-6356-1)
2023-09-11 00:00:00
osv
osv
CVE-2020-12460
2020-07-27 23:15:12
opendmarc - security update
2021-04-25 00:00:00
opendmarc vulnerabilities
2023-09-11 12:47:12
cvelist
cvelist
CVE-2020-12460
2020-07-27 22:52:35
nvd
nvd
CVE-2020-12460
2020-07-27 23:15:12
debian
debian
[SECURITY] [DLA 2639-1] opendmarc security update
2021-04-25 07:50:20
nessus
nessus
Debian DLA-2639-1 : opendmarc security update
2021-04-27 00:00:00
GLSA-202011-02 : OpenDMARC: Heap-based buffer overflow
2020-11-03 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : OpenDMARC vulnerabilities (USN-6356-1)
2023-09-11 00:00:00
prion
prion
Design/Logic Flaw
2020-07-27 23:15:00
archlinux
archlinux
[ASA-202009-1] opendmarc: denial of service
2020-09-01 00:00:00
ubuntu
ubuntu
OpenDMARC vulnerabilities
2023-09-11 00:00:00
mageia
mageia
Updated opendmarc packages fix security vulnerability
2021-10-06 22:41:56
freebsd
freebsd
OpenDMARC - Multiple vulnerabilities
2021-04-06 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.5%

JSON
Related for GLSA-202011-02
veracode1debiancve1ubuntucve1cve1fedora3openvas6osv3cvelist1nvd1debian1nessus4prion1archlinux1ubuntu1mageia1freebsd1