CVE-2020-12272

Name
CVE-2020-12272
Description
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://sourceforge.net/p/opendmarc/tickets/237/
Technical Description https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D4JGHMALEJEWWG56DKR5OZB22TK7W5B/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBOGOQOK3TIWWJV66MW5YWNRJAFFYGR5/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:trusteddomain:opendmarc:*:*:*:*:*:*:*:* opendmarc >= 1.0.0 <= 1.3.2
cpe:2.3:a:trusteddomain:opendmarc:1.4.0:-:*:*:*:*:*:* opendmarc == None == 1.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status