OpenDMARC is vulnerable to denial of service. An insecure null termination in the function opendmarc_xml_parse can result in a one-byte heap overflow in opendmarc_xml which allows an attacker to parse a specially crafted DMARC aggregate report.
github.com/trusteddomainproject/OpenDMARC/issues/64
lists.debian.org/debian-lts-announce/2021/04/msg00026.html
lists.fedoraproject.org/archives/list/[email protected]/message/2D4JGHMALEJEWWG56DKR5OZB22TK7W5B/
lists.fedoraproject.org/archives/list/[email protected]/message/JHDKMCZGE3W4XBP76NLI2Q7IOZHXLD4A/
lists.fedoraproject.org/archives/list/[email protected]/message/KBOGOQOK3TIWWJV66MW5YWNRJAFFYGR5/
security-tracker.debian.org/tracker/CVE-2020-12460
security.gentoo.org/glsa/202011-02
sourceforge.net/projects/opendmarc/