Ubuntu: (CVE-2023-29323): opensmtpd vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Apr 4, 2023 | Jun 26, 2025 | Jun 27, 2025 |
Description
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
Solution
no-fix-ubuntu-package
References
- CVE-2023-29323
- https://attackerkb.com/topics/CVE-2023-29323
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig
- https://github.com/OpenSMTPD/OpenSMTPD/blob/41d0eae481f538956b1f1fbadfb535043454061f/usr.sbin/smtpd/envelope.c#L280
- https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f
- https://www.cve.org/CVERecord?id=CVE-2023-29323