CVE-2023-29323

CVE-2023-29323

Name

CVE-2023-29323

Description

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig
MISC	https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h
MISC	https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
MISC	https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h
MISC	https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f
MISC	https://github.com/OpenSMTPD/OpenSMTPD/blob/41d0eae481f538956b1f1fbadfb535043454061f/usr.sbin/smtpd/envelope.c#L280
MISC	https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h
MISC	https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae

Type

URI

MISC

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd.patch.sig

MISC

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h

MISC

https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig

MISC

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h

MISC

https://github.com/OpenSMTPD/OpenSMTPD/commit/41d0eae481f538956b1f1fbadfb535043454061f

MISC

https://github.com/OpenSMTPD/OpenSMTPD/blob/41d0eae481f538956b1f1fbadfb535043454061f/usr.sbin/smtpd/envelope.c#L280

MISC

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h

MISC

https://github.com/openbsd/src/commit/f748277ed1fc7065ae8998d61ed78b9ab1e55fae

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:openbsd:openbsd:7.2:::::::*`	openbsd	== None	== 7.2
`cpe:2.3:a:opensmtpd:opensmtpd::::::::`	opensmtpd	>= None	< 7.0.0
`cpe:2.3:o:openbsd:openbsd:7.1:::::::*`	openbsd	== None	== 7.1

CPE URI

Source package

Min version

Max version

cpe:2.3:o:openbsd:openbsd:7.2:*:*:*:*:*:*:*

openbsd

== None

== 7.2

cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*

opensmtpd

>= None

< 7.0.0

cpe:2.3:o:openbsd:openbsd:7.1:*:*:*:*:*:*:*

openbsd

== None

== 7.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
opensmtpd	edge-community	6.8.0p2-r7	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opensmtpd	3.17-community	6.8.0p2-r6	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opensmtpd	3.16-main	6.8.0p2-r4	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opensmtpd	3.15-main	6.8.0p2-r4	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opensmtpd	3.14-main	6.8.0p2-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
opensmtpd	3.18-community	6.8.0p2-r7	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

opensmtpd

edge-community

6.8.0p2-r7

Jakub Jirutka <jakub@jirutka.cz>

possibly vulnerable

opensmtpd

3.17-community