CVE-2020-7247 - OpenSMTPD Remote Code Execution Vulnerability
Project:OpenBSD
Product:OpenSMTPD
Date Added:2022-03-25Due Date:2022-04-15
Vulnerability Name
OpenSMTPD Remote Code Execution Vulnerability
Description
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-7247