First published: Thu Dec 24 2020
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opensmtpd Opensmtpd | <6.8.0 | |
Opensmtpd Opensmtpd | =6.8.0 | |
Opensmtpd Opensmtpd | =6.8.0-patch1-rc1 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
CVE-2020-35679 is a vulnerability in OpenSMTPD that allows attackers to trigger a significant memory leak through regex lookups.
CVE-2020-35679 has a severity rating of 7.5 (high).
OpenSMTPD versions up to and excluding 6.8.0 are affected by CVE-2020-35679.
To fix CVE-2020-35679, update to OpenSMTPD version 6.8.0p1 or later.
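The bug class described above, a regex compiled for a lookup and never passed to `regfree`, shown as an added C example beside its corrected form. This is not OpenSMTPD's code: the function names, the sample pattern and the `live_patterns` counter are assumptions made for illustration.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Instrumentation for this example only: compiled patterns not yet freed. */
static long live_patterns;

/* Leaky form: regcomp() allocates inside regex_t and nothing releases it. */
static int lookup_leaky(const char *pattern, const char *key)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    live_patterns++;
    if (regexec(&re, key, 0, NULL, 0) != 0)
        return 0;               /* returns with re still allocated */
    return 1;                   /* same on the match path */
}

/* Corrected form: one exit path, regfree() runs on match and on no-match. */
static int lookup_fixed(const char *pattern, const char *key)
{
    regex_t re;
    int rc;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;              /* compile failed, nothing to free */
    live_patterns++;
    rc = regexec(&re, key, 0, NULL, 0);
    regfree(&re);
    live_patterns--;
    return rc == 0;
}

/* Run n lookups and report how many compiled patterns remain allocated. */
static long outstanding_after(int (*lookup)(const char *, const char *), int n)
{
    live_patterns = 0;
    for (int i = 0; i < n; i++)   /* constructed keys: one match, one miss */
        lookup("^[a-z]+@example\\.org$", i % 2 ? "alice@example.org" : "x");
    return live_patterns;
}

int main(void)
{
    printf("leaky: %ld outstanding\n", outstanding_after(lookup_leaky, 1000));
    printf("fixed: %ld outstanding\n", outstanding_after(lookup_fixed, 1000));
    return 0;
}
```

Because the leaked allocation happens once per lookup, memory growth in the leaky form scales with the number of regex lookups a long-running process performs, which is why a resident set size that climbs with message volume is the symptom to watch for on unpatched instances.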
You can find more information about CVE-2020-35679 in the references provided: [link 1](https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043), [link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LKTFBQCHGMVPR4IZWHQIYAPM5J3LN3J/), [link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYAYXRV2DM5K4RU7RHCDZSA2UF6VCTRC/)