What is CVE-2020-8794?

CVE-2020-8794 is a vulnerability in N/a. Published 2020-02-25.

Is CVE-2020-8794 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server bec…

EPSS: 0.881 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.openbsd.org/security.html (x_refsource_MISC)
www.openwall.com/lists/oss-security/2020/02/24/5 (x_refsource_MISC)
[oss-security] 20200226 Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (mailing-list, x_refsource_MLIST)
DSA-4634 (vendor-advisory, x_refsource_DEBIAN)
20200227 LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (mailing-list, x_refsource_FULLDISC)
[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (mailing-list, x_refsource_MLIST)
[oss-security] 20200301 Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) (mailing-list, x_refsource_MLIST)
packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privile… (x_refsource_MISC)
FEDORA-2020-b92d7083ca (vendor-advisory, x_refsource_FEDORA)
USN-4294-1 (vendor-advisory, x_refsource_UBUNTU)

Frequently asked questions

What is CVE-2020-8794?: CVE-2020-8794 is a vulnerability in N/a. Published 2020-02-25.
Is CVE-2020-8794 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.