CVE-2020-35680

Source
https://cve.org/CVERecord?id=CVE-2020-35680
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35680.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35680
Downstream
Published
2020-12-24T16:15:15.600Z
Modified
2026-03-15T22:36:35.969007Z
Severity
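  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (network-reachable, low attack complexity, no privileges or user interaction required; the impact is on availability only, with no confidentiality or integrity impact)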
Summary
[none]
Details

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity. The cause is that the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

References

Affected packages

Git / github.com/openbsd/src

Affected ranges

Type
GIT
Repo
https://github.com/openbsd/src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/opensmtpd/opensmtpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.8.0-patch1\\-rc1"
        }
    ]
}

Affected versions

6.*
6.6.0
6.6.1
6.8.0p1-rc1
Other
l
master-last-working
opensmtpd-20121030110032
opensmtpd-20121030111957p1
opensmtpd-20121030150652
opensmtpd-20121106110822
opensmtpd-20121106111009p1
opensmtpd-20121107175509
opensmtpd-20121107175757p1
opensmtpd-20121113230649
opensmtpd-20121113231010p1
opensmtpd-201211152234
opensmtpd-201211152324p1
opensmtpd-201211232340
opensmtpd-201211232348p1
opensmtpd-201211261223
opensmtpd-201211261224p1
opensmtpd-201212031106
opensmtpd-201212031111p1
opensmtpd-201212081302
opensmtpd-201212081318p1
opensmtpd-201212150111
opensmtpd-201212150117p1
opensmtpd-201212171136
opensmtpd-201212171137p1
opensmtpd-201212222156
opensmtpd-201212222206p1
opensmtpd-201301031723
opensmtpd-201301031733p1
opensmtpd-201301050936
opensmtpd-201301050937p1
opensmtpd-201301111101
opensmtpd-201301111141
opensmtpd-201301111154p1
opensmtpd-201301191214
opensmtpd-201301191220p1
opensmtpd-201301241734
opensmtpd-201301241740p1
opensmtpd-201301241932
opensmtpd-201301241934p1
opensmtpd-201301252209
opensmtpd-201301252211p1
opensmtpd-201301281307
opensmtpd-201301281309
opensmtpd-201301281310p1
opensmtpd-201301311831
opensmtpd-201301311837p1
opensmtpd-201301312105
opensmtpd-201301312105p1
opensmtpd-201302051636
opensmtpd-201302051638p1
opensmtpd-201302141349
opensmtpd-201302141353p1
opensmtpd-201302152352
opensmtpd-201302152354p1
opensmtpd-201302212013
opensmtpd-201302212015p1
opensmtpd-201303011853p1
opensmtpd-201303201219
opensmtpd-201303201252p1
opensmtpd-201303211339
opensmtpd-201303211343p1
opensmtpd-201303221610
opensmtpd-201303221610p1
opensmtpd-201303311744
opensmtpd-201303311750p1
opensmtpd-201304041635
opensmtpd-201304041639p1
opensmtpd-201304281416
opensmtpd-201304281431p1
opensmtpd-201305171900
opensmtpd-201305171925p1
opensmtpd-201305171950p1
opensmtpd-201305241922
opensmtpd-201305241932p1
opensmtpd-201306071611
opensmtpd-201306071637p1
opensmtpd-201306211618
opensmtpd-201306211627p1
opensmtpd-201306221759
opensmtpd-201306271528
opensmtpd-201306271531p1
opensmtpd-201307061146
opensmtpd-201307091511
opensmtpd-201307091512p1
opensmtpd-201307121003
opensmtpd-201307121003p1
opensmtpd-201307151919
opensmtpd-201307151923p1
opensmtpd-201307190959
opensmtpd-201307191003p1
opensmtpd-201307191119p1
opensmtpd-201307221442
opensmtpd-201307221453p1
opensmtpd-201307290742
opensmtpd-201307290744p1
opensmtpd-201307311700
opensmtpd-201307311702p1
opensmtpd-201308201225
opensmtpd-201308201232p1
opensmtpd-201309091153
opensmtpd-201309091202p1
opensmtpd-201309121844
opensmtpd-201309121848p1
opensmtpd-201309121930
opensmtpd-201309121931p1
opensmtpd-201309201537
opensmtpd-201309201537p1
opensmtpd-201309241455
opensmtpd-201309241457p1
opensmtpd-201309241711
opensmtpd-201309241712p1
opensmtpd-201309241817
opensmtpd-201309241818p1
opensmtpd-201309251618
opensmtpd-201309251624p1
opensmtpd-201309261723
opensmtpd-201309261726p1
opensmtpd-201310031056
opensmtpd-201310031101p1
opensmtpd-201310081835
opensmtpd-201310081839p1
opensmtpd-201310101757
opensmtpd-201310101759p1
opensmtpd-201310231630
opensmtpd-201310231634p1
opensmtpd-201310241355
opensmtpd-201310241356p1
opensmtpd-201310251943
opensmtpd-201310251946p1
opensmtpd-201310281422
opensmtpd-201310281424p1
opensmtpd-201311071822
opensmtpd-201311071830p1
opensmtpd-201311181631
opensmtpd-201311181634p1
opensmtpd-201311182347p1
opensmtpd-201311201704
opensmtpd-201311201707p1
opensmtpd-201311261027
opensmtpd-201311261029p1
opensmtpd-201311270853
opensmtpd-201311270853p1
opensmtpd-201311281209
opensmtpd-201311281211p1
opensmtpd-201311292255
opensmtpd-201311292259p1
opensmtpd-201312021551
opensmtpd-201312021552p1
opensmtpd-201312021557
opensmtpd-201312021558p1
opensmtpd-201312081716
opensmtpd-201312081717p1
opensmtpd-201312131547
opensmtpd-201312131550p1
opensmtpd-201312142053
opensmtpd-201312142054p1
opensmtpd-201401061548
opensmtpd-201401061555p1
opensmtpd-201401201000
opensmtpd-201401201010p1
opensmtpd-201401201614p1
opensmtpd-201401202156
opensmtpd-201401202159p1
opensmtpd-201401231517
opensmtpd-201401231518p1
opensmtpd-201401241551
opensmtpd-201401241552p1
opensmtpd-201401311419
opensmtpd-201401311424p1
opensmtpd-201402071556
opensmtpd-201402071603p1
opensmtpd-201402271419
opensmtpd-201402271423p1
opensmtpd-201402281144
opensmtpd-201402281146p1
opensmtpd-201403051037
opensmtpd-201403051040p1
opensmtpd-201403261203
opensmtpd-201403261207p1
opensmtpd-201404151425
opensmtpd-201404151432p1
opensmtpd-201405071639
opensmtpd-201405071644p1
opensmtpd-201405121641
opensmtpd-201405121644p1
opensmtpd-201405121706
opensmtpd-201405121707p1
opensmtpd-201405142229
opensmtpd-201405142229p1
opensmtpd-201405142324
opensmtpd-201405142325p1
opensmtpd-201405202103
opensmtpd-201405202105p1
opensmtpd-201406061829
opensmtpd-201406061833p1
opensmtpd-201406110039
opensmtpd-201406110044p1
opensmtpd-201406170940p1
opensmtpd-201406190033
opensmtpd-201406190036p1
opensmtpd-201406192203
opensmtpd-201406192219p1
opensmtpd-201406192229
opensmtpd-201406192306p1
opensmtpd-201410012007
opensmtpd-201410012105p1
opensmtpd-201410040015
opensmtpd-201410040019p1
opensmtpd-201410131651
opensmtpd-201410131657p1
opensmtpd-201410152134
opensmtpd-201410152136p1
opensmtpd-201411042324
opensmtpd-201411042328p1
opensmtpd-201411052124
opensmtpd-201411052125p1
opensmtpd-201412241504
opensmtpd-201412241507p1
opensmtpd-201501060204
opensmtpd-201501060207p1
opensmtpd-201502012303
opensmtpd-201502012312p1
opensmtpd-201505091607p1
opensmtpd-201505091743
opensmtpd-201505121835
opensmtpd-201505121836p1
opensmtpd-201505241920
opensmtpd-201505241924p1
opensmtpd-201506020906
opensmtpd-201506020910p1
opensmtpd-201506112224
opensmtpd-201506112227p1
opensmtpd-201601051902
opensmtpd-201601051911p1
opensmtpd-201602031443
opensmtpd-201602031446p1
opensmtpd-201602120824
opensmtpd-201602120826p1
opensmtpd-201602131612
opensmtpd-201602131612p1
opensmtpd-201602131907p1
opensmtpd-201605221710
opensmtpd-201605221711p1
opensmtpd-201606062256
opensmtpd-201606062256p1
opensmtpd-201606062303p1
opensmtpd-201606071034p1
opensmtpd-201606152202
opensmtpd-201606152203p1
opensmtpd-201606220753
opensmtpd-201606220754p1
opensmtpd-201607021503
opensmtpd-201607021504p1
opensmtpd-201609141252
opensmtpd-201609141253p1
opensmtpd-201702130936
opensmtpd-201702130941p1
opensmtpd-201801101413
opensmtpd-201801101420p1
opensmtpd-201801101639
opensmtpd-201801101641p1
opensmtpd-5.*
opensmtpd-5.0
opensmtpd-5.0p1
opensmtpd-5.2.1
opensmtpd-5.2.1p1
opensmtpd-5.3
opensmtpd-5.3p1
opensmtpd-5.4.2
opensmtpd-5.4.2p1
opensmtpd-5.9.1
opensmtpd-5.9.1p1
opensmtpd-6.*
opensmtpd-6.0.3
opensmtpd-6.0.3p1
opensmtpd-6.4.0
opensmtpd-6.8.0p1-rc1

Database specific

vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "146958479146620846539546414962359749417",
                "331739472224798831840993251905507474107",
                "91893901251692159920292890227734731430",
                "279425024596136944150789901713018609996",
                "302454195925576915379956718349724179184",
                "102226086405913718666762852662536102668",
                "156377891668464352413748805278213613186",
                "294224973442606065565798747585475670296"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2020-35680-5a2407e5",
        "target": {
            "file": "usr.sbin/smtpd/lka_filter.c"
        },
        "source": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
    },
    {
        "digest": {
            "length": 477.0,
            "function_hash": "139574854378595409949297631104406793897"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2020-35680-e9b83694",
        "target": {
            "function": "filter_session_io",
            "file": "usr.sbin/smtpd/lka_filter.c"
        },
        "source": "https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1"
    }
]
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "6.8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.8.0-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35680.json"