Added: 02/10/2020
CVE: CVE-2020-7247
OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms.
The **smtp_mailaddr**
function does not properly sanitize user input, allowing remote attackers to inject arbitrary commands into the **MAIL FROM**
header.
Upgrade to OpenSMTPD 6.6.2p1 or higher.
<https://www.kb.cert.org/vuls/id/390745/>
Exploit works with OpenSMTPD 6.6.0.