CVE-2023-29323
First published: Tue Apr 04 2023(Updated: )
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensmtpd Opensmtpd | <7.0.0 | |
| Openbsd Openbsd | =7.1 | |
| Openbsd Openbsd | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig
- https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f
- https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae
- https://security.netapp.com/advisory/ntap-20230526-0006/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GZBNQBHCM6PIOUR6I5GEQS35XYT2NX6T/
Frequently Asked Questions
What is the severity of CVE-2023-29323?
The severity of CVE-2023-29323 is high with a CVSS score of 7.8.
What is the affected software for CVE-2023-29323?
The affected software for CVE-2023-29323 is OpenSMTPD version up to 7.0.0, OpenBSD 7.1, and OpenBSD 7.2.
How can ascii_load_sockaddr in smtpd be exploited in CVE-2023-29323?
The vulnerability in ascii_load_sockaddr in smtpd can be exploited by initiating a connection from a local, scoped IPv6 address.
Is there a fix available for CVE-2023-29323?
Yes, the fix for CVE-2023-29323 is available in OpenBSD errata 024 for version 7.1 and in OpenBSD errata 020 for version 7.2, as well as in OpenSMTPD Portable commit f748277 for version 7.0.0.
Where can I find more information about CVE-2023-29323?
You can find more information about CVE-2023-29323 at the following references: [link1], [link2], [link3].
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/opensmtpd
- canonical/opensmtpd opensmtpd
- vendor/openbsd
- canonical/openbsd openbsd
- version/openbsd openbsd/7.1
- version/openbsd openbsd/7.2